Disable cache storage on live JSON routes

src/app/api/v1/conversation-folders/[folderKey]/route.ts

@@ -1,7 +1,8 @@
-import { NextRequest, NextResponse } from "next/server";
+import { NextRequest } from "next/server";
 import { requireRequestSession } from "@/lib/boss-auth";
 import { getConversationFolderView } from "@/lib/boss-projections";
 import { readState } from "@/lib/boss-data";
+import { jsonNoStore } from "@/lib/api-response";
 
 export async function GET(
   request: NextRequest,
@@ -9,13 +10,13 @@ export async function GET(
 ) {
   const session = await requireRequestSession(request);
   if (!session) {
-    return NextResponse.json({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
+    return jsonNoStore({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
   }
   const { folderKey } = await context.params;
   const state = await readState();
   const folder = getConversationFolderView(state, decodeURIComponent(folderKey));
   if (!folder) {
-    return NextResponse.json({ ok: false, message: "FOLDER_NOT_FOUND" }, { status: 404 });
+    return jsonNoStore({ ok: false, message: "FOLDER_NOT_FOUND" }, { status: 404 });
   }
-  return NextResponse.json({ ok: true, folder });
+  return jsonNoStore({ ok: true, folder });
 }

src/app/api/v1/conversations/home/route.ts

@@ -1,15 +1,16 @@
-import { NextRequest, NextResponse } from "next/server";
+import { NextRequest } from "next/server";
 import { requireRequestSession } from "@/lib/boss-auth";
 import { getConversationHomeItems } from "@/lib/boss-projections";
 import { readState } from "@/lib/boss-data";
+import { jsonNoStore } from "@/lib/api-response";
 
 export async function GET(request: NextRequest) {
   const session = await requireRequestSession(request);
   if (!session) {
-    return NextResponse.json({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
+    return jsonNoStore({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
   }
   const state = await readState();
-  return NextResponse.json({
+  return jsonNoStore({
     ok: true,
     conversations: getConversationHomeItems(state),
   });

src/app/api/v1/conversations/route.ts

@@ -1,15 +1,16 @@
-import { NextRequest, NextResponse } from "next/server";
+import { NextRequest } from "next/server";
 import { requireRequestSession } from "@/lib/boss-auth";
 import { getConversationItems } from "@/lib/boss-projections";
 import { readState } from "@/lib/boss-data";
+import { jsonNoStore } from "@/lib/api-response";
 
 export async function GET(request: NextRequest) {
   const session = await requireRequestSession(request);
   if (!session) {
-    return NextResponse.json({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
+    return jsonNoStore({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
   }
   const state = await readState();
-  return NextResponse.json({
+  return jsonNoStore({
     ok: true,
     conversations: getConversationItems(state),
   });

src/app/api/v1/devices/route.ts

@@ -1,18 +1,19 @@
-import { NextRequest, NextResponse } from "next/server";
+import { NextRequest } from "next/server";
 import { requireRequestSession } from "@/lib/boss-auth";
 import { getDeviceWorkspaceView } from "@/lib/boss-projections";
 import { readState } from "@/lib/boss-data";
+import { jsonNoStore } from "@/lib/api-response";
 
 export async function GET(request: NextRequest) {
   const session = await requireRequestSession(request);
   if (!session) {
-    return NextResponse.json({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
+    return jsonNoStore({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
   }
   const url = new URL(request.url);
   const deviceId = url.searchParams.get("device");
   const state = await readState();
 
-  return NextResponse.json({
+  return jsonNoStore({
     ok: true,
     devices: state.devices,
     enrollments: state.deviceEnrollments,

src/app/api/v1/projects/[projectId]/route.ts

@@ -1,7 +1,8 @@
-import { NextRequest, NextResponse } from "next/server";
+import { NextRequest } from "next/server";
 import { requireRequestSession } from "@/lib/boss-auth";
 import { getProjectDetailView } from "@/lib/boss-projections";
 import { readState } from "@/lib/boss-data";
+import { jsonNoStore } from "@/lib/api-response";
 
 export async function GET(
   request: NextRequest,
@@ -9,17 +10,17 @@ export async function GET(
 ) {
   const session = await requireRequestSession(request);
   if (!session) {
-    return NextResponse.json({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
+    return jsonNoStore({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
   }
   const { projectId } = await context.params;
   const state = await readState();
   const detail = getProjectDetailView(state, projectId, session.account);
 
   if (!detail) {
-    return NextResponse.json({ ok: false, message: "PROJECT_NOT_FOUND" }, { status: 404 });
+    return jsonNoStore({ ok: false, message: "PROJECT_NOT_FOUND" }, { status: 404 });
   }
 
-  return NextResponse.json({
+  return jsonNoStore({
     ok: true,
     ...detail,
   });

src/app/api/v1/settings/route.ts

@@ -1,14 +1,15 @@
 import { NextRequest, NextResponse } from "next/server";
 import { requireRequestSession } from "@/lib/boss-auth";
 import { readState, updateUserSettings } from "@/lib/boss-data";
+import { jsonNoStore } from "@/lib/api-response";
 
 export async function GET(request: NextRequest) {
   const session = await requireRequestSession(request);
   if (!session) {
-    return NextResponse.json({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
+    return jsonNoStore({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
   }
   const state = await readState();
-  return NextResponse.json({
+  return jsonNoStore({
     ok: true,
     settings: state.user.settings,
     user: state.user,

src/lib/api-response.ts

@@ -0,0 +1,18 @@
+import { NextResponse } from "next/server";
+
+export const NO_STORE_JSON_HEADERS = {
+  "Cache-Control": "private, no-store, max-age=0",
+} as const;
+
+export function jsonNoStore(
+  body: Parameters<typeof NextResponse.json>[0],
+  init?: Parameters<typeof NextResponse.json>[1],
+) {
+  return NextResponse.json(body, {
+    ...init,
+    headers: {
+      ...NO_STORE_JSON_HEADERS,
+      ...(init?.headers ?? {}),
+    },
+  });
+}