diff --git a/internal/api/anonymous.go b/internal/api/anonymous.go
index a1b445791..9d184e7ad 100644
--- a/internal/api/anonymous.go
+++ b/internal/api/anonymous.go
@@ -58,5 +58,5 @@ func (a *API) SignupAnonymously(w http.ResponseWriter, r *http.Request) error {
 	}
 	metering.RecordLogin(metering.LoginTypeAnonymous, newUser.ID, nil)
-	return sendJSON(w, http.StatusOK, token)
+	return sendTokenJSON(w, http.StatusOK, token)
 }
diff --git a/internal/api/helpers.go b/internal/api/helpers.go
index 24643f736..a13acb89b 100644
--- a/internal/api/helpers.go
+++ b/internal/api/helpers.go
@@ -19,6 +19,12 @@ func sendJSON(w http.ResponseWriter, status int, obj interface{}) error {
 	return shared.SendJSON(w, status, obj)
 }
+func sendTokenJSON(w http.ResponseWriter, status int, obj interface{}) error {
+	w.Header().Set("Cache-Control", "no-store, no-cache, must-revalidate")
+	w.Header().Set("Pragma", "no-cache")
+	return shared.SendJSON(w, status, obj)
+}
+
 func isAdmin(u *models.User, config *conf.GlobalConfiguration) bool {
 	return config.JWT.Aud == u.Aud && u.HasRole(config.JWT.AdminGroupName)
 }
diff --git a/internal/api/mfa.go b/internal/api/mfa.go
index 81523363f..007e5b12c 100644
--- a/internal/api/mfa.go
+++ b/internal/api/mfa.go
@@ -752,7 +752,7 @@ func (a *API) verifyTOTPFactor(w http.ResponseWriter, r *http.Request, params *V
 		Provider: metering.ProviderMFATOTP,
 	})
-	return sendJSON(w, http.StatusOK, token)
+	return sendTokenJSON(w, http.StatusOK, token)
 }
@@ -892,7 +892,7 @@ func (a *API) verifyPhoneFactor(w http.ResponseWriter, r *http.Request, params *
 		Provider: metering.ProviderMFAPhone,
 	})
-	return sendJSON(w, http.StatusOK, token)
+	return sendTokenJSON(w, http.StatusOK, token)
 }
 func (a *API) verifyWebAuthnFactor(w http.ResponseWriter, r *http.Request, params *VerifyFactorParams) error {
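Review bot: `sendTokenJSON` in helpers.go lands without a doc comment, and the header values deserve one because the next maintainer will be tempted to trim "no-cache, must-revalidate" (harmless but redundant next to `no-store`) or drop `Pragma` without knowing what they are for. I would add above it: `// sendTokenJSON is sendJSON for responses that carry access/refresh tokens or other bearer secrets: it marks the response uncacheable (Cache-Control: no-store plus the legacy Pragma: no-cache, as RFC 6749 §5.1 requires for token responses) so proxies and browser caches never persist the body.` The headers are set before `shared.SendJSON` writes the body, which is the right order; I cannot see `shared.SendJSON` here, so it is worth confirming it only adds Content-Type and does not reset the header map. Since the protection is applied per call site rather than by middleware on the token routes, a small `httptest.ResponseRecorder` test asserting both headers on `sendTokenJSON` would keep a future refactor of `sendJSON` from silently losing it.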
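Review bot: The MFA verify responses in mfa.go now go out with `no-store`, but enrollment and challenge responses in the same file are not touched by this diff; if they still return the TOTP secret or QR code through `sendJSON` (not visible in this hunk, so please check `EnrollFactor` and the challenge handler), that material is at least as sensitive as the access token returned here and should use `sendTokenJSON` too. A short comment at the verify call sites, `// token response: must not be cached (RFC 6749 §5.1)`, would make the distinction from plain `sendJSON` visible to whoever adds the next factor type. The bodies of verifyTOTPFactor and verifyPhoneFactor start outside the hunk.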
@@ -1012,7 +1012,7 @@ func (a *API) verifyWebAuthnFactor(w http.ResponseWriter, r *http.Request, param
 		Provider: metering.ProviderMFAWebAuthn,
 	})
-	return sendJSON(w, http.StatusOK, token)
+	return sendTokenJSON(w, http.StatusOK, token)
 }
 func (a *API) VerifyFactor(w http.ResponseWriter, r *http.Request) error {
diff --git a/internal/api/signup.go b/internal/api/signup.go
index 89c79f889..1af7c6a7a 100644
--- a/internal/api/signup.go
+++ b/internal/api/signup.go
@@ -329,7 +329,7 @@ func (a *API) Signup(w http.ResponseWriter, r *http.Request) error {
 				"immediate_login_after_signup": true,
 			},
 		})
-		return sendJSON(w, http.StatusOK, token)
+		return sendTokenJSON(w, http.StatusOK, token)
 	}
 	if user.HasBeenInvited() {
 		// Remove sensitive fields
diff --git a/internal/api/token.go b/internal/api/token.go
index a2b9bdcd1..c8b29d700 100644
--- a/internal/api/token.go
+++ b/internal/api/token.go
@@ -206,7 +206,7 @@ func (a *API) ResourceOwnerPasswordGrant(ctx context.Context, w http.ResponseWri
 	metering.RecordLogin(metering.LoginTypePassword, user.ID, &metering.LoginData{
 		Provider: provider,
 	})
-	return sendJSON(w, http.StatusOK, token)
+	return sendTokenJSON(w, http.StatusOK, token)
 }
 func (a *API) PKCE(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
@@ -283,7 +283,7 @@ func (a *API) PKCE(ctx context.Context, w http.ResponseWriter, r *http.Request)
 	metering.RecordLogin(metering.LoginTypePKCE, user.ID, &metering.LoginData{
 		Provider: flowState.ProviderType,
 	})
-	return sendJSON(w, http.StatusOK, token)
+	return sendTokenJSON(w, http.StatusOK, token)
 }
 func (a *API) generateAccessToken(r *http.Request, tx *storage.Connection, user *models.User, sessionId *uuid.UUID, authenticationMethod models.AuthenticationMethod) (string, int64, error) {
diff --git a/internal/api/token_oidc.go b/internal/api/token_oidc.go
index e62940abc..c0ec6d3e2 100644
--- a/internal/api/token_oidc.go
+++ b/internal/api/token_oidc.go
@@ -319,5 +319,5 @@ func (a *API) IdTokenGrant(ctx context.Context, w http.ResponseWriter, r *http.R
 		Provider: providerType,
 	})
-	return sendJSON(w, http.StatusOK, token)
+	return sendTokenJSON(w, http.StatusOK, token)
 }
diff --git a/internal/api/token_refresh.go b/internal/api/token_refresh.go
index 2ba3dbfd2..9cb42be13 100644
--- a/internal/api/token_refresh.go
+++ b/internal/api/token_refresh.go
@@ -27,5 +27,5 @@ func (a *API) RefreshTokenGrant(ctx context.Context, w http.ResponseWriter, r *h
 		return err
 	}
-	return sendJSON(w, http.StatusOK, tokenResponse)
+	return sendTokenJSON(w, http.StatusOK, tokenResponse)
 }
diff --git a/internal/api/verify.go b/internal/api/verify.go
index 6209774bb..447a1e541 100644
--- a/internal/api/verify.go
+++ b/internal/api/verify.go
@@ -307,7 +307,7 @@ func (a *API) verifyPost(w http.ResponseWriter, r *http.Request, params *VerifyP
 		Provider: provider,
 	})
-	return sendJSON(w, http.StatusOK, token)
+	return sendTokenJSON(w, http.StatusOK, token)
 }
 func (a *API) signupVerify(r *http.Request, ctx context.Context, conn *storage.Connection, user *models.User) (*models.User, error) {
diff --git a/internal/api/web3.go b/internal/api/web3.go
index 3928b1a25..d2105aa20 100644
--- a/internal/api/web3.go
+++ b/internal/api/web3.go
@@ -200,7 +200,7 @@ func (a *API) web3GrantSolana(ctx context.Context, w http.ResponseWriter, r *htt
 		},
 	})
-	return sendJSON(w, http.StatusOK, token)
+	return sendTokenJSON(w, http.StatusOK, token)
 }
 func (a *API) web3GrantEthereum(ctx context.Context, w http.ResponseWriter, r *http.Request, params *Web3GrantParams) error {
@@ -335,5 +335,5 @@ func (a *API) web3GrantEthereum(ctx context.Context, w http.ResponseWriter, r *h
 			return err
 		}
 	}
-	return sendJSON(w, http.StatusOK, token)
+	return sendTokenJSON(w, http.StatusOK, token)
 }