Use must-revalidate caching header

ghga-de · Jan 7, 2025 · 3dda642 · 3dda642
1 parent d7205e9
commit 3dda642
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 6 deletions.
diff --git a/src/wps/adapters/inbound/fastapi_/routes.py b/src/wps/adapters/inbound/fastapi_/routes.py
@@ -23,6 +23,7 @@
 
 from wps.adapters.inbound.fastapi_.auth import UserAuthContext, WorkPackageAccessToken
 from wps.adapters.inbound.fastapi_.dummies import WorkPackageRepositoryDummy
+from wps.constants import WORK_ORDER_TOKEN_VALID_SECONDS
 from wps.core.models import (
     Dataset,
     WorkPackageCreationData,
@@ -151,7 +152,9 @@ async def create_work_order_token(
             work_package_access_token=work_package_access_token,
         )
 
-        cache_control_header = {"Cache-Control": "max-age=30"}
+        cache_control_header = {
+            "Cache-Control": f"max-age={WORK_ORDER_TOKEN_VALID_SECONDS}, must-revalidate"
+        }
         return JSONResponse(content=wot, status_code=201, headers=cache_control_header)
     except repository.WorkPackageAccessError as error:
         raise HTTPException(status_code=403, detail=str(error)) from error

diff --git a/src/wps/constants.py b/src/wps/constants.py
@@ -0,0 +1,17 @@
+# Copyright 2021 - 2024 Universität Tübingen, DKFZ, EMBL, and Universität zu Köln
+# for the German Human Genome-Phenome Archive (GHGA)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Non-configurable values used in multiple modules"""
+
+WORK_ORDER_TOKEN_VALID_SECONDS = 30
diff --git a/src/wps/core/tokens.py b/src/wps/core/tokens.py
@@ -23,6 +23,7 @@
 from ghga_service_commons.utils.jwt_helpers import sign_and_serialize_token
 from jwcrypto import jwk
 
+from wps.constants import WORK_ORDER_TOKEN_VALID_SECONDS
 from wps.core.models import WorkOrderToken
 
 __all__ = [
@@ -34,7 +35,6 @@
 
 ACCESS_TOKEN_CHARSET = string.ascii_letters + string.digits
 ACCESS_TOKEN_LENGTH = 24
-WORK_ORDER_TOKEN_VALID_SECONDS = 30
 
 
 def generate_work_package_access_token() -> str:

diff --git a/tests/test_api.py b/tests/test_api.py
@@ -23,7 +23,7 @@
 from hexkit.providers.mongodb.testutils import MongoDbFixture
 from pytest_httpx import HTTPXMock
 
-from wps.core.tokens import WORK_ORDER_TOKEN_VALID_SECONDS
+from wps.constants import WORK_ORDER_TOKEN_VALID_SECONDS
 
 from .fixtures import (  # noqa: F401
     SIGNING_KEY_PAIR,
@@ -189,9 +189,9 @@ async def test_create_work_order_token(
     )
     assert response.status_code == status.HTTP_201_CREATED
     assert "Cache-Control" in response.headers
-    assert (
-        response.headers["Cache-Control"] == f"max-age={WORK_ORDER_TOKEN_VALID_SECONDS}"
-    )
+    cache_headers = response.headers["Cache-Control"].split(", ")
+    assert f"max-age={WORK_ORDER_TOKEN_VALID_SECONDS}" in cache_headers
+    assert "must-revalidate" in cache_headers
 
     wot = response.json()
     assert isinstance(wot, str)