Only cache public attachments in the browser and CDNs.

The browser might overrule it anyway, if it's really obvious that it should be cached.
This is mainly so Cloudflare, etc. don't serve sensitive documents to guests.
Azareal 2018-11-20 14:00:32 +10:00
parent 1aac6f1268
commit 352a262866
2 changed files with 15 additions and 4 deletions


@ -1,7 +1,6 @@
package common
import (
"sync"
"sync/atomic"
)
@ -41,7 +40,6 @@ func (thaw *SingleServerThaw) Thaw() {
type DefaultThaw struct {
thawed int64
sync.Mutex
}
func NewDefaultThaw() *DefaultThaw {
@ -52,8 +50,6 @@ func NewDefaultThaw() *DefaultThaw {
// Decrement the thawed counter once a second until it goes cold
func (thaw *DefaultThaw) Tick() error {
thaw.Lock()
defer thaw.Unlock()
prior := thaw.thawed
if prior > 0 {
atomic.StoreInt64(&thaw.thawed, prior-1)
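Review bot: With the mutex gone from `Tick`, `prior := thaw.thawed` is a plain read followed by a separate `atomic.StoreInt64`, so the read itself races and a concurrent write landing between the two is overwritten. The page has lost its +/- markers, but the hunk counts point to the `sync` import, the embedded `sync.Mutex` and the `Lock`/`Unlock` pair as the four deletions. `prior := atomic.LoadInt64(&thaw.thawed)` followed by `atomic.CompareAndSwapInt64(&thaw.thawed, prior, prior-1)` would keep the decrement lock-free without losing an update. Tick's body continues past the end of the hunk, and the writer side (`Thaw`) is not visible here.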


@ -140,6 +140,21 @@ func ShowAttachment(w http.ResponseWriter, r *http.Request, user common.User, fi
return common.LocalError("Unknown origin", w, r, user)
}
if !user.Loggedin {
w.Header().Set("Cache-Control", "max-age="+strconv.Itoa(int(common.Year)))
} else {
guest := common.GuestUser
_, ferr := common.SimpleForumUserCheck(w, r, &guest, sectionID)
if ferr != nil {
return ferr
}
if guest.Perms.ViewTopic {
w.Header().Set("Cache-Control", "max-age="+strconv.Itoa(int(common.Year)))
} else {
w.Header().Set("Cache-Control", "private")
}
}
// TODO: Fix the problem where non-existent files aren't greeted with custom 404s on ServeFile()'s side
http.ServeFile(w, r, "./attachs/"+filename)
return nil
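Review bot: `Cache-Control: private` in the final `else` branch only stops shared caches from storing the response, so the browser may still keep the file, which does not match the title's "only cache public attachments in the browser". If restricted attachments should not persist on a shared machine, `w.Header().Set("Cache-Control", "private, no-store")` says so explicitly. Separately, the year-long `max-age` on the two public branches is decided at request time, so a CDN copy stored while guests had `ViewTopic` keeps being served after that permission is revoked or the attachment is removed; a shorter lifetime or a purge on permission change would bound that window. ShowAttachment begins above the hunk, so whether the `!user.Loggedin` branch is reached only after the guest's own permission check is not visible here.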