Added backend JWKS endpoint caching

refs https://github.com/TryGhost/Toolbox/issues/411
refs f58b5984cb

- Backend JWKS endpoint did not have any HTTP caching
- It is recommended to cache JWKS endpoints (ref.: https://docs.apigee.com/api-platform/reference/policies/jwt-policies-overview)
- This change also brings the endpoint in line with what the members JWKS
endpoint does
- Above point gives another reminder to extract JWKS functionality into a
common module that should be reused
Naz 2022-09-27 14:38:52 +08:00 committed by naz
parent 8c47819194
commit a26689c264
2 changed files with 6 additions and 1 deletions


@ -1,5 +1,7 @@
const cacheControl = require('@tryghost/mw-cache-control');
const express = require('../../shared/express'); const express = require('../../shared/express');
const settings = require('../../shared/settings-cache'); const settings = require('../../shared/settings-cache');
const config = require('../../shared/config');
module.exports = function setupWellKnownApp() { module.exports = function setupWellKnownApp() {
const wellKnownApp = express('well-known'); const wellKnownApp = express('well-known');
@ -14,7 +16,9 @@ module.exports = function setupWellKnownApp() {
return keyStore.toJSON(); return keyStore.toJSON();
}; };
wellKnownApp.get('/jwks.json', async (req, res) => { const cache = cacheControl('public', {maxAge: config.get('caching:wellKnown:maxAge')});
wellKnownApp.get('/jwks.json', cache, async (req, res) => {
const jwks = await getSafePublicJWKS(); const jwks = await getSafePublicJWKS();
// there's only one key in the store atm // there's only one key in the store atm
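Review bot: The `public` cache added to `/jwks.json` lets browsers and shared caches keep serving the old key set for up to `caching:wellKnown:maxAge` (86400 seconds in the updated snapshot) after the signing key is replaced, and the comment in the handler says the store holds only one key. That window should be documented next to the `cache` definition, e.g. `// Consumers may hold a stale JWKS for up to caching:wellKnown:maxAge; account for this when rotating or revoking the signing key`. It is also worth confirming that `caching:wellKnown:maxAge` has a default in every environment, since this commit changes no config file and the behaviour of `cacheControl` with an undefined `maxAge` is not visible here. The route handler's body continues outside the hunk.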


@ -16,6 +16,7 @@ Object {
exports[`.well-known GET /jwks.json should return a JWKS 2: [headers] 1`] = ` exports[`.well-known GET /jwks.json should return a JWKS 2: [headers] 1`] = `
Object { Object {
"cache-control": "public, max-age=86400",
"content-length": "277", "content-length": "277",
"content-type": "application/json; charset=utf-8", "content-type": "application/json; charset=utf-8",
"etag": StringMatching /\\(\\?:W\\\\/\\)\\?"\\(\\?:\\[ !#-\\\\x7E\\\\x80-\\\\xFF\\]\\*\\|\\\\r\\\\n\\[\\\\t \\]\\|\\\\\\\\\\.\\)\\*"/, "etag": StringMatching /\\(\\?:W\\\\/\\)\\?"\\(\\?:\\[ !#-\\\\x7E\\\\x80-\\\\xFF\\]\\*\\|\\\\r\\\\n\\[\\\\t \\]\\|\\\\\\\\\\.\\)\\*"/,