diff --git a/appinfo/routes.php b/appinfo/routes.php
index 769ace2af..22c4b132c 100644
--- a/appinfo/routes.php
+++ b/appinfo/routes.php
@@ -20,10 +20,15 @@
 'postfix' => 'welcome',
 ],
 [
- 'name' => 'page#create',
+ 'name' => 'page#createGet', // deprecated, use createPost instead
 'url' => '/new',
 'verb' => 'GET',
 ],
+ [
+ 'name' => 'page#createPost',
+ 'url' => '/new',
+ 'verb' => 'POST',
+ ],
 [
 'name' => 'page#index',
 'url' => '/note/{id}',
diff --git a/lib/Controller/NotesApiController.php b/lib/Controller/NotesApiController.php
index d0c8e4f88..a04d8db05 100644
--- a/lib/Controller/NotesApiController.php
+++ b/lib/Controller/NotesApiController.php
@@ -298,7 +298,8 @@ public function getAttachment(int $noteid, string $path): Http\Response {
 $response = new StreamResponse($fileHandle);
 $response->addHeader('Content-Disposition', 'attachment; filename="' . rawurldecode($targetimage->getName()) . '"');
 $response->addHeader('Content-Type', $this->mimeTypeDetector->getSecureMimeType($targetimage->getMimeType()));
- $response->addHeader('Cache-Control', 'public, max-age=604800');
+ $response->addHeader('Vary', 'Authorization, Cookie');
+ $response->cacheFor(3600);
 return $response;
 } catch (\Exception $e) {
 $this->helper->logException($e);
diff --git a/lib/Controller/NotesController.php b/lib/Controller/NotesController.php
index 17de3eab6..c5c1c9419 100644
--- a/lib/Controller/NotesController.php
+++ b/lib/Controller/NotesController.php
@@ -351,7 +351,8 @@ public function getAttachment(int $noteid, string $path): Http\Response {
 'Content-Type',
 $this->mimeTypeDetector->getSecureMimeType($targetimage->getMimeType())
 );
- $response->addHeader('Cache-Control', 'public, max-age=604800');
+ $response->addHeader('Vary', 'Authorization, Cookie');
+ $response->cacheFor(3600);
 return $response;
 } catch (\Exception $e) {
 $this->helper->logException($e);
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
index 394af0b94..909ce2d28 100644
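Review bot: `$response->cacheFor(3600)` is called without the `$public` argument, and as far as I can tell from the framework's Response::cacheFor signature that defaults to a private Cache-Control directive, so the added `Vary: Authorization, Cookie` line only affects shared caches that `private` already excludes; either drop the Vary line or leave a comment stating it is deliberate defence in depth, e.g. `// Vary is belt-and-braces in case an intermediary ignores 'private'`. The same two lines are added verbatim in the lib/Controller/NotesController.php hunk of this commit, so a small shared helper that builds the attachment response would keep the two download paths from drifting apart again. A test asserting the resulting Cache-Control header value would pin the behaviour against future framework changes to the default. getAttachment() starts before the hunk in both files.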
--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@@ -21,6 +21,7 @@
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
+use OCP\AppFramework\Http\Attribute\UserRateLimit;
 use OCP\AppFramework\Http\ContentSecurityPolicy;
 use OCP\AppFramework\Http\RedirectResponse;
 use OCP\AppFramework\Http\TemplateResponse;
@@ -30,6 +31,7 @@
 use OCP\IRequest;
 use OCP\IURLGenerator;
 use OCP\IUserSession;
+use Psr\Log\LoggerInterface;
 class PageController extends Controller {
 private NotesService $notesService;
@@ -38,6 +40,7 @@ class PageController extends Controller {
 private IURLGenerator $urlGenerator;
 private IEventDispatcher $eventDispatcher;
 private IInitialState $initialState;
+ private LoggerInterface $logger;
 public function __construct(
 string $AppName,
@@ -48,6 +51,7 @@ public function __construct(
 IURLGenerator $urlGenerator,
 IEventDispatcher $eventDispatcher,
 IInitialState $initialState,
+ LoggerInterface $logger,
 ) {
 parent::__construct($AppName, $request);
 $this->notesService = $notesService;
@@ -56,6 +60,7 @@ public function __construct(
 $this->urlGenerator = $urlGenerator;
 $this->eventDispatcher = $eventDispatcher;
 $this->initialState = $initialState;
+ $this->logger = $logger;
 }
@@ -102,12 +107,25 @@ public function index() : TemplateResponse {
 }
 /**
- *
+ * @deprecated Use createPost() instead. This endpoint will be removed in a future version.
 */
 #[NoAdminRequired]
 #[NoCSRFRequired]
- public function create() : RedirectResponse {
- $note = $this->notesService->create($this->userSession->getUser()->getUID(), '', '');
+ #[UserRateLimit(limit: 20, period: 60)]
+ public function createGet() : RedirectResponse {
+ $this->logger->debug('Deprecated GET /new endpoint used', [
+ 'user' => $this->userSession->getUser()?->getUID(),
+ 'remote_addr' => $this->request->getRemoteAddress(),
+ 'user_agent' => $this->request->getHeader('User-Agent')
+ ]);
+ return $this->createPost();
+ }
+
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
+ #[UserRateLimit(limit: 20, period: 60)]
+ public function createPost() : RedirectResponse {
+ $note = $this->notesService->create($this->userSession->getUser()?->getUID() ?? '', '', '');
 $note->setContent('');
 $url = $this->urlGenerator->linkToRoute('notes.page.indexnote', [ 'id' => $note->getId() ]);
 return new RedirectResponse($url . '?new');
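Review bot: `createPost()` keeps `#[NoCSRFRequired]`, so the new POST route still creates a note without a request token and offers no more cross-site protection than the GET it is meant to replace; remove that attribute from createPost so the framework's CSRF check applies (the web client must then send the requesttoken) and keep it only on the deprecated createGet. Because createGet forwards straight to createPost and the routes.php hunk still maps GET /new, a state-changing GET remains reachable, so the rate limit mitigates abuse rather than closing it, and the @deprecated docblock should say so. `$this->userSession->getUser()?->getUID() ?? ''` silently hands an empty owner to notesService->create; with NoAdminRequired a logged-in user is expected, so fail loudly instead: `$uid = $this->userSession->getUser()?->getUID() ?? throw new \RuntimeException('No user in session');`. The debug log records the remote address and User-Agent, which many logging policies treat as personal data, so consider logging only the user id. The class and the surrounding methods continue outside the hunk.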