Fix cache-control header for API routes
closes #4157

- adds cache-control header back to api routes
- moves cache rules object into testUtils
- adds cache-control header test to every existing API test
ErisDS committed Sep 25, 2014
1 parent bb23fda commit e5e7488
Showing 13 changed files with 159 additions and 83 deletions.
1 change: 1 addition & 0 deletions core/server/middleware/index.js
@@ -311,6 +311,7 @@ setupMiddleware = function (blogAppInstance, adminApp) {
// ### Caching
blogApp.use(middleware.cacheControl('public'));
adminApp.use(middleware.cacheControl('private'));
blogApp.use(routes.apiBaseUri, middleware.cacheControl('private'));

// enable authentication
blogApp.use(middleware.authenticate);
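Review bot: The added `blogApp.use(routes.apiBaseUri, middleware.cacheControl('private'));` only takes effect because it runs after `blogApp.use(middleware.cacheControl('public'));` and, presumably, overwrites the header that call set; nothing at the call site records that dependency. The API tests in this commit send bearer tokens, so a reorder or a change of mount path would let authenticated responses go out under the public rule without any error. I would add a comment above the line, e.g. `// API responses are per-user: override the public rule set above, keep this after it`. setupMiddleware's body starts and ends outside the hunk.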
31 changes: 12 additions & 19 deletions core/test/functional/routes/admin_test.js
@@ -9,14 +9,7 @@ var request = require('supertest'),
should = require('should'),

testUtils = require('../../utils'),
ghost = require('../../../../core'),

cacheRules = {
public: 'public, max-age=0',
hour: 'public, max-age=' + testUtils.ONE_HOUR_S,
year: 'public, max-age=' + testUtils.ONE_YEAR_S,
private: 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0'
};
ghost = require('../../../../core');

describe('Admin Routing', function () {
function doEnd(done) {
@@ -67,23 +60,23 @@ describe('Admin Routing', function () {
it('should redirect /logout/ to /ghost/signout/', function (done) {
request.get('/logout/')
.expect('Location', '/ghost/signout/')
.expect('Cache-Control', cacheRules.year)
.expect('Cache-Control', testUtils.cacheRules.year)
.expect(301)
.end(doEndNoAuth(done));
});

it('should redirect /signout/ to /ghost/signout/', function (done) {
request.get('/signout/')
.expect('Location', '/ghost/signout/')
.expect('Cache-Control', cacheRules.year)
.expect('Cache-Control', testUtils.cacheRules.year)
.expect(301)
.end(doEndNoAuth(done));
});

it('should redirect /signup/ to /ghost/signup/', function (done) {
request.get('/signup/')
.expect('Location', '/ghost/signup/')
.expect('Cache-Control', cacheRules.year)
.expect('Cache-Control', testUtils.cacheRules.year)
.expect(301)
.end(doEndNoAuth(done));
});
@@ -92,15 +85,15 @@ describe('Admin Routing', function () {
it('should redirect /signin/ to /ghost/', function (done) {
request.get('/signin/')
.expect('Location', '/ghost/')
.expect('Cache-Control', cacheRules.public)
.expect('Cache-Control', testUtils.cacheRules.public)
.expect(302)
.end(doEndNoAuth(done));
});

it('should redirect /admin/ to /ghost/', function (done) {
request.get('/admin/')
.expect('Location', '/ghost/')
.expect('Cache-Control', cacheRules.public)
.expect('Cache-Control', testUtils.cacheRules.public)
.expect(302)
.end(doEndNoAuth(done));
});
@@ -191,23 +184,23 @@ describe('Admin Routing', function () {
it('should redirect from /ghost/ to /ghost/setup/ when no user/not installed yet', function (done) {
request.get('/ghost/')
.expect('Location', /ghost\/setup/)
.expect('Cache-Control', cacheRules['private'])
.expect('Cache-Control', testUtils.cacheRules['private'])
.expect(302)
.end(doEnd(done));
});

it('should redirect from /ghost/signin/ to /ghost/setup/ when no user', function (done) {
request.get('/ghost/signin/')
.expect('Location', /ghost\/setup/)
.expect('Cache-Control', cacheRules['private'])
.expect('Cache-Control', testUtils.cacheRules['private'])
.expect(302)
.end(doEnd(done));
});

it('should respond with html for /ghost/setup/', function (done) {
request.get('/ghost/setup/')
.expect('Content-Type', /html/)
.expect('Cache-Control', cacheRules['private'])
.expect('Cache-Control', testUtils.cacheRules['private'])
.expect(200)
.end(doEnd(done));
});
@@ -251,14 +244,14 @@ describe('Admin Routing', function () {
// it('should respond with html for /ghost/forgotten/', function (done) {
// request.get('/ghost/forgotten/')
// .expect('Content-Type', /html/)
// .expect('Cache-Control', cacheRules['private'])
// .expect('Cache-Control', testUtils.cacheRules['private'])
// .expect(200)
// .end(doEnd(done));
// });
//
// it('should respond 404 for /ghost/reset/', function (done) {
// request.get('/ghost/reset/')
// .expect('Cache-Control', cacheRules['private'])
// .expect('Cache-Control', testUtils.cacheRules['private'])
// .expect(404)
// .expect(/Page Not Found/)
// .end(doEnd(done));
@@ -267,7 +260,7 @@ describe('Admin Routing', function () {
// it('should redirect /ghost/reset/*/', function (done) {
// request.get('/ghost/reset/athing/')
// .expect('Location', /ghost\/forgotten/)
// .expect('Cache-Control', cacheRules['private'])
// .expect('Cache-Control', testUtils.cacheRules['private'])
// .expect(302)
// .end(doEnd(done));
// });
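Review bot: The tests for `/ghost/forgotten/` and `/ghost/reset/` near the end of this file are still commented out, so the `testUtils.cacheRules['private']` expectations edited there never run and the private rule on the password-reset pages is not asserted by anything visible here. The reason they are disabled is not in the hunks; if it is a known pending fix, I would replace the commented block with `it.skip(...)` cases (if the runner supports it), or at least add `// TODO: re-enable once <reason>` above it, so the gap shows up in the test report. The other changes in this file are a mechanical switch to `testUtils.cacheRules`.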
9 changes: 9 additions & 0 deletions core/test/functional/routes/api/authentication_test.js
@@ -36,6 +36,8 @@ describe('Authentication API', function () {
request.post(testUtils.API.getApiQuery('authentication/token'))
.send({grant_type: 'password', username: user.email, password: user.password, client_id: 'ghost-admin'})
.expect('Content-Type', /json/)
// TODO: make it possible to override oauth2orize's header so that this is consistent
.expect('Cache-Control', 'no-store')
.expect(200)
.end(function (err, res) {
if (err) {
@@ -55,6 +57,7 @@ describe('Authentication API', function () {
request.post(testUtils.API.getApiQuery('authentication/token'))
.send({grant_type: 'password', username: 'invalid@email.com', password: user.password, client_id: 'ghost-admin'})
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules['private'])
.expect(404)
.end(function (err, res) {
if (err) {
@@ -71,6 +74,7 @@ describe('Authentication API', function () {
request.post(testUtils.API.getApiQuery('authentication/token'))
.send({grant_type: 'password', username: user.email, password: 'invalid', client_id: 'ghost-admin'})
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules['private'])
.expect(401)
.end(function (err, res) {
if (err) {
@@ -87,6 +91,8 @@ describe('Authentication API', function () {
request.post(testUtils.API.getApiQuery('authentication/token'))
.send({grant_type: 'password', username: user.email, password: user.password, client_id: 'ghost-admin'})
.expect('Content-Type', /json/)
// TODO: make it possible to override oauth2orize's header so that this is consistent
.expect('Cache-Control', 'no-store')
.expect(200)
.end(function (err, res) {
if (err) {
@@ -96,6 +102,8 @@ describe('Authentication API', function () {
request.post(testUtils.API.getApiQuery('authentication/token'))
.send({grant_type: 'refresh_token', refresh_token: refreshToken, client_id: 'ghost-admin'})
.expect('Content-Type', /json/)
// TODO: make it possible to override oauth2orize's header so that this is consistent
.expect('Cache-Control', 'no-store')
.expect(200)
.end(function (err, res) {
if (err) {
@@ -113,6 +121,7 @@ describe('Authentication API', function () {
request.post(testUtils.API.getApiQuery('authentication/token'))
.send({grant_type: 'refresh_token', refresh_token: 'invalid', client_id: 'ghost-admin'})
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules['private'])
.expect(403)
.end(function (err, res) {
if (err) {
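Review bot: The `// TODO: make it possible to override oauth2orize's header so that this is consistent` comment, repeated at the three successful token requests, reads as if `no-store` were a defect to remove, but on a token response `no-store` is the part that must survive any override; RFC 6749 section 5.1 requires it together with `Pragma: no-cache`. I would reword the comment to `// oauth2orize sets its own header on token responses; an override must keep no-store (RFC 6749, section 5.1)`. It may also be worth asserting `.expect('Pragma', 'no-cache')` next to it, assuming the library sends that header.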
1 change: 1 addition & 0 deletions core/test/functional/routes/api/db_test.js
@@ -35,6 +35,7 @@ describe('DB API', function () {
request.get(testUtils.API.getApiQuery('db/'))
.set('Authorization', 'Bearer ' + accesstoken)
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules['private'])
.expect(200)
.expect('Content-Disposition', /Attachment; filename="[A-Za-z0-9._-]+\.json"/)
.end(function (err, res) {
1 change: 1 addition & 0 deletions core/test/functional/routes/api/error_test.js
@@ -30,6 +30,7 @@ describe('Unauthorized', function () {
describe('Unauthorized API', function () {
it('can\'t retrieve posts', function (done) {
request.get(testUtils.API.getApiQuery('posts/'))
.expect('Cache-Control', testUtils.cacheRules['private'])
.expect(401)
.end(function firstRequest(err, res) {
if (err) {
2 changes: 2 additions & 0 deletions core/test/functional/routes/api/notifications_test.js
@@ -43,6 +43,7 @@ describe('Notifications API', function () {
.set('Authorization', 'Bearer ' + accesstoken)
.send({notifications: [newNotification]})
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules['private'])
.expect(201)
.end(function (err, res) {
if (err) {
@@ -77,6 +78,7 @@ describe('Notifications API', function () {
.set('Authorization', 'Bearer ' + accesstoken)
.send({notifications: [newNotification]})
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules['private'])
.expect(201)
.end(function (err, res) {
if (err) {
