mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-25 20:03:12 +03:00
Added backend JWKS endpoint caching
refs https://github.com/TryGhost/Toolbox/issues/411
refs f58b5984cb
- Backend JWKS endpoint did not have any HTTP caching
- It is recommended to cache JWKS endpoints (ref.: https://docs.apigee.com/api-platform/reference/policies/jwt-policies-overview)
- This change also brings the endpoint up to speed with what members JWKS
endpoint does
- Above point gives another reminder to extract JWKS functionality into a
common module that should be reused
This commit is contained in:
parent
8c47819194
commit
a26689c264
@ -1,5 +1,7 @@
|
|||||||
|
const cacheControl = require('@tryghost/mw-cache-control');
|
||||||
const express = require('../../shared/express');
|
const express = require('../../shared/express');
|
||||||
const settings = require('../../shared/settings-cache');
|
const settings = require('../../shared/settings-cache');
|
||||||
|
const config = require('../../shared/config');
|
||||||
|
|
||||||
module.exports = function setupWellKnownApp() {
|
module.exports = function setupWellKnownApp() {
|
||||||
const wellKnownApp = express('well-known');
|
const wellKnownApp = express('well-known');
|
||||||
@ -14,7 +16,9 @@ module.exports = function setupWellKnownApp() {
|
|||||||
return keyStore.toJSON();
|
return keyStore.toJSON();
|
||||||
};
|
};
|
||||||
|
|
||||||
wellKnownApp.get('/jwks.json', async (req, res) => {
|
const cache = cacheControl('public', {maxAge: config.get('caching:wellKnown:maxAge')});
|
||||||
|
|
||||||
|
wellKnownApp.get('/jwks.json', cache, async (req, res) => {
|
||||||
const jwks = await getSafePublicJWKS();
|
const jwks = await getSafePublicJWKS();
|
||||||
|
|
||||||
// there's only one key in the store atm
|
// there's only one key in the store atm
|
||||||
|
@ -16,6 +16,7 @@ Object {
|
|||||||
|
|
||||||
exports[`.well-known GET /jwks.json should return a JWKS 2: [headers] 1`] = `
|
exports[`.well-known GET /jwks.json should return a JWKS 2: [headers] 1`] = `
|
||||||
Object {
|
Object {
|
||||||
|
"cache-control": "public, max-age=86400",
|
||||||
"content-length": "277",
|
"content-length": "277",
|
||||||
"content-type": "application/json; charset=utf-8",
|
"content-type": "application/json; charset=utf-8",
|
||||||
"etag": StringMatching /\\(\\?:W\\\\/\\)\\?"\\(\\?:\\[ !#-\\\\x7E\\\\x80-\\\\xFF\\]\\*\\|\\\\r\\\\n\\[\\\\t \\]\\|\\\\\\\\\\.\\)\\*"/,
|
"etag": StringMatching /\\(\\?:W\\\\/\\)\\?"\\(\\?:\\[ !#-\\\\x7E\\\\x80-\\\\xFF\\]\\*\\|\\\\r\\\\n\\[\\\\t \\]\\|\\\\\\\\\\.\\)\\*"/,
|
||||||
|
Loading…
Reference in New Issue
Block a user