Add option to customize Cache-Control header

config-skel.json

@@ -39,5 +39,6 @@
   },
   "readonly": false,
   "enable_metrics": true,
-  "generated_password_length": 15
+  "generated_password_length": 15,
+  "cache-control": ""
 }

docs/index.md

@@ -433,6 +433,7 @@ Copy `config-skel.json` to `config.json` and adjust the options (all options are
 - `readonly`: true or false; if true, no write operation is allowed both for admins and non-admins (logging is still operational)
 - `enable_metrics`: true or false, enables Prometheus-formatted metrics
 - `generated_password_length`: default length of random generated password (default is 15)
+- `cache-control`: Cache-Control header to be sent along GET/HEAD responses
 
 ## 5. Prepare the database
 

lib/schemas/system_config.json

@@ -76,7 +76,8 @@
     },
     "readonly": { "type": "boolean" },
     "enable_metrics": { "type": "boolean" },
-    "generated_password_length": { "type": "integer", "minimum": 10, "maximum": 50 }
+    "generated_password_length": { "type": "integer", "minimum": 10, "maximum": 50 },
+    "cache-control": { "type": "string" }
   },
   "required": ["jwt_duration", "listen", "log", "https", "redis", "onetimetokens", "readonly", "crypto"]
 }

passweaver-api.mjs

@@ -65,6 +65,16 @@ if (cfg?.https?.hsts) {
   app.use(helmet.hsts())
 }
 
+// Set Cache-Control headers
+const cacheControl = Config.get()['cache-control']
+app.use((req, res, next) => {
+  if ((req.method === 'GET' || req.method === 'HEAD') && cacheControl) {
+    res.set('Cache-Control', cacheControl)
+  }
+  res.set('Vary', 'Authorization, Accept-Encoding, Accept-Language')
+  next()
+})
+
 if (!FS.existsSync(cfg.log.dir)) {
   FS.mkdirSync(cfg.log.dir)
 }