Disable cache storage on live JSON routes

2026-04-07 13:42:46 +08:00
parent 6153e94000
commit cc1afe8173
8 changed files with 150 additions and 19 deletions
--- a/src/app/api/v1/conversation-folders/[folderKey]/route.ts
+++ b/src/app/api/v1/conversation-folders/[folderKey]/route.ts
@@ -1,7 +1,8 @@
-import { NextRequest, NextResponse } from "next/server";
+import { NextRequest } from "next/server";
 import { requireRequestSession } from "@/lib/boss-auth";
 import { getConversationFolderView } from "@/lib/boss-projections";
 import { readState } from "@/lib/boss-data";
+import { jsonNoStore } from "@/lib/api-response";

 export async function GET(
  request: NextRequest,
@@ -9,13 +10,13 @@ export async function GET(
 ) {
  const session = await requireRequestSession(request);
  if (!session) {
-    return NextResponse.json({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
+    return jsonNoStore({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
  }
  const { folderKey } = await context.params;
  const state = await readState();
  const folder = getConversationFolderView(state, decodeURIComponent(folderKey));
  if (!folder) {
-    return NextResponse.json({ ok: false, message: "FOLDER_NOT_FOUND" }, { status: 404 });
+    return jsonNoStore({ ok: false, message: "FOLDER_NOT_FOUND" }, { status: 404 });
  }
-  return NextResponse.json({ ok: true, folder });
+  return jsonNoStore({ ok: true, folder });
 }
--- a/src/app/api/v1/conversations/home/route.ts
+++ b/src/app/api/v1/conversations/home/route.ts
@@ -1,15 +1,16 @@
-import { NextRequest, NextResponse } from "next/server";
+import { NextRequest } from "next/server";
 import { requireRequestSession } from "@/lib/boss-auth";
 import { getConversationHomeItems } from "@/lib/boss-projections";
 import { readState } from "@/lib/boss-data";
+import { jsonNoStore } from "@/lib/api-response";

 export async function GET(request: NextRequest) {
  const session = await requireRequestSession(request);
  if (!session) {
-    return NextResponse.json({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
+    return jsonNoStore({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
  }
  const state = await readState();
-  return NextResponse.json({
+  return jsonNoStore({
    ok: true,
    conversations: getConversationHomeItems(state),
  });
--- a/src/app/api/v1/conversations/route.ts
+++ b/src/app/api/v1/conversations/route.ts
@@ -1,15 +1,16 @@
-import { NextRequest, NextResponse } from "next/server";
+import { NextRequest } from "next/server";
 import { requireRequestSession } from "@/lib/boss-auth";
 import { getConversationItems } from "@/lib/boss-projections";
 import { readState } from "@/lib/boss-data";
+import { jsonNoStore } from "@/lib/api-response";

 export async function GET(request: NextRequest) {
  const session = await requireRequestSession(request);
  if (!session) {
-    return NextResponse.json({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
+    return jsonNoStore({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
  }
  const state = await readState();
-  return NextResponse.json({
+  return jsonNoStore({
    ok: true,
    conversations: getConversationItems(state),
  });
--- a/src/app/api/v1/devices/route.ts
+++ b/src/app/api/v1/devices/route.ts
@@ -1,18 +1,19 @@
-import { NextRequest, NextResponse } from "next/server";
+import { NextRequest } from "next/server";
 import { requireRequestSession } from "@/lib/boss-auth";
 import { getDeviceWorkspaceView } from "@/lib/boss-projections";
 import { readState } from "@/lib/boss-data";
+import { jsonNoStore } from "@/lib/api-response";

 export async function GET(request: NextRequest) {
  const session = await requireRequestSession(request);
  if (!session) {
-    return NextResponse.json({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
+    return jsonNoStore({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
  }
  const url = new URL(request.url);
  const deviceId = url.searchParams.get("device");
  const state = await readState();

-  return NextResponse.json({
+  return jsonNoStore({
    ok: true,
    devices: state.devices,
    enrollments: state.deviceEnrollments,
--- a/src/app/api/v1/projects/[projectId]/route.ts
+++ b/src/app/api/v1/projects/[projectId]/route.ts
@@ -1,7 +1,8 @@
-import { NextRequest, NextResponse } from "next/server";
+import { NextRequest } from "next/server";
 import { requireRequestSession } from "@/lib/boss-auth";
 import { getProjectDetailView } from "@/lib/boss-projections";
 import { readState } from "@/lib/boss-data";
+import { jsonNoStore } from "@/lib/api-response";

 export async function GET(
  request: NextRequest,
@@ -9,17 +10,17 @@ export async function GET(
 ) {
  const session = await requireRequestSession(request);
  if (!session) {
-    return NextResponse.json({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
+    return jsonNoStore({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
  }
  const { projectId } = await context.params;
  const state = await readState();
  const detail = getProjectDetailView(state, projectId, session.account);

  if (!detail) {
-    return NextResponse.json({ ok: false, message: "PROJECT_NOT_FOUND" }, { status: 404 });
+    return jsonNoStore({ ok: false, message: "PROJECT_NOT_FOUND" }, { status: 404 });
  }

-  return NextResponse.json({
+  return jsonNoStore({
    ok: true,
    ...detail,
  });
--- a/src/app/api/v1/settings/route.ts
+++ b/src/app/api/v1/settings/route.ts
@@ -1,14 +1,15 @@
 import { NextRequest, NextResponse } from "next/server";
 import { requireRequestSession } from "@/lib/boss-auth";
 import { readState, updateUserSettings } from "@/lib/boss-data";
+import { jsonNoStore } from "@/lib/api-response";

 export async function GET(request: NextRequest) {
  const session = await requireRequestSession(request);
  if (!session) {
-    return NextResponse.json({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
+    return jsonNoStore({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
  }
  const state = await readState();
-  return NextResponse.json({
+  return jsonNoStore({
    ok: true,
    settings: state.user.settings,
    user: state.user,
--- a/src/lib/api-response.ts
+++ b/src/lib/api-response.ts
@@ -0,0 +1,18 @@
+import { NextResponse } from "next/server";
+
+export const NO_STORE_JSON_HEADERS = {
+  "Cache-Control": "private, no-store, max-age=0",
+} as const;
+
+export function jsonNoStore(
+  body: Parameters<typeof NextResponse.json>[0],
+  init?: Parameters<typeof NextResponse.json>[1],
+) {
+  return NextResponse.json(body, {
+    ...init,
+    headers: {
+      ...NO_STORE_JSON_HEADERS,
+      ...(init?.headers ?? {}),
+    },
+  });
+}
--- a/tests/live-data-cache-headers.test.ts
+++ b/tests/live-data-cache-headers.test.ts
@@ -0,0 +1,107 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import os from "node:os";
+import path from "node:path";
+import { mkdtemp, rm } from "node:fs/promises";
+import { NextRequest } from "next/server";
+
+let runtimeRoot = "";
+let createAuthSession: (typeof import("../src/lib/boss-data"))["createAuthSession"];
+let AUTH_SESSION_COOKIE = "";
+let getConversationHomeRoute: (typeof import("../src/app/api/v1/conversations/home/route"))["GET"];
+let getConversationsRoute: (typeof import("../src/app/api/v1/conversations/route"))["GET"];
+let getFolderRoute: (typeof import("../src/app/api/v1/conversation-folders/[folderKey]/route"))["GET"];
+let getProjectDetailRoute: (typeof import("../src/app/api/v1/projects/[projectId]/route"))["GET"];
+let getDevicesRoute: (typeof import("../src/app/api/v1/devices/route"))["GET"];
+let getSettingsRoute: (typeof import("../src/app/api/v1/settings/route"))["GET"];
+
+async function setup() {
+  if (runtimeRoot) return;
+
+  runtimeRoot = await mkdtemp(path.join(os.tmpdir(), "boss-live-data-cache-headers-"));
+  process.env.BOSS_RUNTIME_ROOT = runtimeRoot;
+  process.env.BOSS_STATE_FILE = path.join(runtimeRoot, "boss-state.json");
+
+  const [homeRoute, conversationsRoute, folderRoute, projectRoute, devicesRoute, settingsRoute, dataModule, authModule] =
+    await Promise.all([
+      import("../src/app/api/v1/conversations/home/route.ts"),
+      import("../src/app/api/v1/conversations/route.ts"),
+      import("../src/app/api/v1/conversation-folders/[folderKey]/route.ts"),
+      import("../src/app/api/v1/projects/[projectId]/route.ts"),
+      import("../src/app/api/v1/devices/route.ts"),
+      import("../src/app/api/v1/settings/route.ts"),
+      import("../src/lib/boss-data.ts"),
+      import("../src/lib/boss-auth.ts"),
+    ]);
+
+  getConversationHomeRoute = homeRoute.GET;
+  getConversationsRoute = conversationsRoute.GET;
+  getFolderRoute = folderRoute.GET;
+  getProjectDetailRoute = projectRoute.GET;
+  getDevicesRoute = devicesRoute.GET;
+  getSettingsRoute = settingsRoute.GET;
+  createAuthSession = dataModule.createAuthSession;
+  AUTH_SESSION_COOKIE = authModule.AUTH_SESSION_COOKIE;
+}
+
+test.after(async () => {
+  if (runtimeRoot) {
+    await rm(runtimeRoot, { recursive: true, force: true });
+  }
+});
+
+async function createAuthedRequest(url: string) {
+  const session = await createAuthSession({
+    account: "17600003315",
+    role: "highest_admin",
+    displayName: "Boss 超级管理员",
+    loginMethod: "password",
+  });
+
+  return new NextRequest(url, {
+    method: "GET",
+    headers: {
+      cookie: `${AUTH_SESSION_COOKIE}=${session.sessionToken}`,
+    },
+  });
+}
+
+function assertNoStoreHeader(response: Response) {
+  assert.equal(response.headers.get("Cache-Control"), "private, no-store, max-age=0");
+}
+
+test("live conversation and device routes disable cache storage", async () => {
+  await setup();
+
+  const homeResponse = await getConversationHomeRoute(
+    await createAuthedRequest("http://127.0.0.1:3000/api/v1/conversations/home"),
+  );
+  assertNoStoreHeader(homeResponse);
+
+  const conversationsResponse = await getConversationsRoute(
+    await createAuthedRequest("http://127.0.0.1:3000/api/v1/conversations"),
+  );
+  assertNoStoreHeader(conversationsResponse);
+
+  const folderResponse = await getFolderRoute(
+    await createAuthedRequest("http://127.0.0.1:3000/api/v1/conversation-folders/mac-studio%3Aboss"),
+    { params: Promise.resolve({ folderKey: "mac-studio%3Aboss" }) },
+  );
+  assertNoStoreHeader(folderResponse);
+
+  const projectResponse = await getProjectDetailRoute(
+    await createAuthedRequest("http://127.0.0.1:3000/api/v1/projects/master-agent"),
+    { params: Promise.resolve({ projectId: "master-agent" }) },
+  );
+  assertNoStoreHeader(projectResponse);
+
+  const devicesResponse = await getDevicesRoute(
+    await createAuthedRequest("http://127.0.0.1:3000/api/v1/devices"),
+  );
+  assertNoStoreHeader(devicesResponse);
+
+  const settingsResponse = await getSettingsRoute(
+    await createAuthedRequest("http://127.0.0.1:3000/api/v1/settings"),
+  );
+  assertNoStoreHeader(settingsResponse);
+});