Merge pull request #17 from eu-digital-green-certificates/fix/nocache

add no cache to all controllers
eu-digital-green-certificates · Sep 22, 2021 · a0dae5c · a0dae5c
2 parents e8307f5 + 7afba04
commit a0dae5c
Show file tree

Hide file tree

Showing 6 changed files with 53 additions and 21 deletions.
diff --git a/src/main/java/eu/europa/ec/dgc/validation/decorator/controller/CallbackController.java b/src/main/java/eu/europa/ec/dgc/validation/decorator/controller/CallbackController.java
@@ -30,6 +30,7 @@
 import javax.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.CacheControl;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -77,9 +78,13 @@ public ResponseEntity callback(
             if (tokenContent.containsKey("sub") && tokenContent.get("sub") instanceof String) {
 
                 this.backendService.saveResult(subject, request);
-                return ResponseEntity.ok().build();
+                return ResponseEntity.ok()
+                        .cacheControl(CacheControl.noCache())
+                        .build();
             }
         }
-        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+        return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+                .cacheControl(CacheControl.noCache())
+                .build();
     }
 }
diff --git a/src/main/java/eu/europa/ec/dgc/validation/decorator/controller/DccTokenController.java b/src/main/java/eu/europa/ec/dgc/validation/decorator/controller/DccTokenController.java
@@ -31,6 +31,7 @@
 import javax.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.CacheControl;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
@@ -84,9 +85,14 @@ public ResponseEntity<String> token(
 
                 final HttpHeaders headers = new HttpHeaders();
                 headers.set("X-Nonce", accessTockenPayload.getNonce());
-                return ResponseEntity.ok().headers(headers).body(accessToken);
+                return ResponseEntity.ok()
+                        .headers(headers)
+                        .cacheControl(CacheControl.noCache())
+                        .body(accessToken);
             }
         }
-        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+        return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+                .cacheControl(CacheControl.noCache())
+                .build();
     }
 }
diff --git a/src/main/java/eu/europa/ec/dgc/validation/decorator/controller/IdentityController.java b/src/main/java/eu/europa/ec/dgc/validation/decorator/controller/IdentityController.java
@@ -27,7 +27,9 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.CacheControl;
 import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RestController;
@@ -37,11 +39,11 @@
 @RequiredArgsConstructor
 public class IdentityController {
 
-    public static final String PATH_ALL = "/identity";
-    
-    private static final String PATH_ELEMENT = "/identity/{element}";
-    
-    private static final String PATH_ELEMENT_TYPE = "/identity/{element}/{type}";
+    static final String PATH_ALL = "/identity";
+
+    static final String PATH_ELEMENT = "/identity/{element}";
+
+    static final String PATH_ELEMENT_TYPE = "/identity/{element}/{type}";
 
     private final IdentityService identityService;
 
@@ -61,12 +63,14 @@ public class IdentityController {
         @ApiResponse(responseCode = "404", description = "Not Found"),
         @ApiResponse(responseCode = "500", description = "Internal Server Error"),
     })
-    @GetMapping(value = {PATH_ALL, PATH_ELEMENT, PATH_ELEMENT_TYPE}, produces = MediaType.APPLICATION_JSON_VALUE)
-    public IdentityResponse identity(
+    @GetMapping(value = { PATH_ALL, PATH_ELEMENT, PATH_ELEMENT_TYPE }, produces = MediaType.APPLICATION_JSON_VALUE)
+    public ResponseEntity<IdentityResponse> identity(
             @PathVariable(name = "element", required = false) final String element,
             @PathVariable(name = "type", required = false) final String type) {
         log.debug("Incoming GET request to '{}' with element '{}' and type '{}'", PATH_ELEMENT_TYPE, element, type);
 
-        return identityService.getIdentity(element, type);
+        return ResponseEntity.ok()
+                .cacheControl(CacheControl.noCache())
+                .body(identityService.getIdentity(element, type));
     }
 }
diff --git a/src/main/java/eu/europa/ec/dgc/validation/decorator/controller/InitializeController.java b/src/main/java/eu/europa/ec/dgc/validation/decorator/controller/InitializeController.java
@@ -27,7 +27,9 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.CacheControl;
 import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RestController;
@@ -38,7 +40,7 @@
 public class InitializeController {
 
     private static final String PATH = "/initialize/{subject}";
-    
+
     private final InitializeService initializeService;
 
     /**
@@ -57,9 +59,12 @@ public class InitializeController {
         @ApiResponse(responseCode = "500", description = "Internal Server Error"),
     })
     @GetMapping(value = PATH, produces = MediaType.APPLICATION_JSON_VALUE)
-    public QrCodeDto initialize(@PathVariable(value = "subject", required = true) final String subject) {
+    public ResponseEntity<QrCodeDto> initialize(
+            @PathVariable(value = "subject", required = true) final String subject) {
         log.debug("Incoming GET request to '{}' with subject '{}'", PATH, subject);
-
-        return initializeService.getBySubject(subject); 
+
+        return ResponseEntity.ok()
+                .cacheControl(CacheControl.noCache())
+                .body(initializeService.getBySubject(subject));
     }
 }
diff --git a/src/main/java/eu/europa/ec/dgc/validation/decorator/controller/RejectController.java b/src/main/java/eu/europa/ec/dgc/validation/decorator/controller/RejectController.java
@@ -26,6 +26,7 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.CacheControl;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -58,8 +59,12 @@ public ResponseEntity reject(@RequestHeader("Authorization") final String token)
         log.debug("Incoming GET request to '{}' with token '{}'", PATH, token);
 
         if (accessTokenService.isValid(token)) {
-            return ResponseEntity.ok().build();
+            return ResponseEntity.ok()
+                    .cacheControl(CacheControl.noCache())
+                    .build();
         }
-        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+        return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+                .cacheControl(CacheControl.noCache())
+                .build();
     }
 }
diff --git a/...ain/java/eu/europa/ec/dgc/validation/decorator/controller/ValidationStatusController.java b/...ain/java/eu/europa/ec/dgc/validation/decorator/controller/ValidationStatusController.java
@@ -30,6 +30,7 @@
 import java.util.Map;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.CacheControl;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -73,11 +74,17 @@ public ResponseEntity<ResultToken> status(@RequestHeader("Authorization") final
                 final String subject = (String) tokenContent.get("sub");
                 final ValidationServiceStatusResponse status = this.validationStatusService.determineStatus(subject);
                 if (status.getResultToken() != null) {
-                    return ResponseEntity.status(status.getHttpStatusCode()).body(status.getResultToken());
+                    return ResponseEntity.status(status.getHttpStatusCode())
+                            .cacheControl(CacheControl.noCache())
+                            .body(status.getResultToken());
                 }
-                return ResponseEntity.status(status.getHttpStatusCode()).build();
+                return ResponseEntity.status(status.getHttpStatusCode())
+                        .cacheControl(CacheControl.noCache())
+                        .build();
             }
         }
-        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+        return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+                .cacheControl(CacheControl.noCache())
+                .build();
     }
 }