Check status and method

9 years ago · 304618df5b
4 changed files with 119 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -45,9 +45,9 @@ If `options.shared` is true (default), then response is evaluated from perspecti
 * `Cache-Control` response header
 * `Pragma` response header
 * `Age` response header
+* Default cacheability of statuses and methods

 ## Unimplemented

-* Request properties are not evaluated
 * `Vary` support is as lame and incomplete as in web browsers
 * No support for revalidation and stale responses
--- a/index.js
+++ b/index.js
@ -1,4 +1,10 @@
 'use strict';
+// rfc7231 6.1
+const statusCodeCacheableByDefault = [200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501];
+
+// This implementation does not understand partial responses (206)
+const understoodStatuses = [200, 204, 301, 302, 303, 404, 410, 501];
+

 function parseCacheControl(header) {
    const cc = {};
@ -46,6 +52,47 @@ CachePolicy.prototype = {
        return Date.now();
    },

+    storable() {
+        const status = (this._res.status === undefined) ? 200 : this._res.status;
+
+        // The "no-store" request directive indicates that a cache MUST NOT store any part of either this request or any response to it.
+        return !this._reqcc['no-store'] &&
+            // A cache MUST NOT store a response to any request, unless:
+            // The request method is understood by the cache and defined as being cacheable, and
+            (!this._req.method || 'GET' === this._req.method || 'HEAD' === this._req.method || ('POST' === this._req.method && this._hasExplicitExpiration())) &&
+            // the response status code is understood by the cache, and
+            understoodStatuses.includes(status) &&
+            // the "no-store" cache directive does not appear in request or response header fields, and
+            !this._rescc['no-store'] &&
+            // the "private" response directive does not appear in the response, if the cache is shared, and
+            (!this._isShared || !this._rescc.private) &&
+            // the Authorization header field does not appear in the request, if the cache is shared,
+            (!this._isShared || !this._req.headers['authorization'] || this._allowsStoringAuthenticated()) &&
+            // the response either:
+            (
+                // contains an Expires header field, or
+                this._res.headers.expires ||
+                // contains a max-age response directive, or
+                // contains a s-maxage response directive and the cache is shared, or
+                // contains a public response directive.
+                this._rescc.public || this._rescc['max-age'] || this._rescc['s-maxage'] ||
+                // has a status code that is defined as cacheable by default
+                statusCodeCacheableByDefault.includes(status)
+            );
+    },
+
+    _hasExplicitExpiration() {
+        // 4.2.1 Calculating Freshness Lifetime
+        return (this._isShared && this._rescc['s-maxage']) ||
+            this._rescc['max-age'] ||
+            this._res.headers.expires;
+    },
+
+    _allowsStoringAuthenticated() {
+        //  following Cache-Control response directives (Section 5.2.2) have such an effect: must-revalidate, public, and s-maxage.
+        return this._rescc['must-revalidate'] || this._rescc['public'] || this._rescc['s-maxage'];
+    },
+
    /**
     * Value of the Date response header or current time if Date was demed invalid
     * @return timestamp
@ -77,13 +124,13 @@ CachePolicy.prototype = {
    },

    maxAge() {
-        if (this._rescc['no-cache'] || this._rescc['no-store']) {
+        if (!this.storable() || this._rescc['no-cache']) {
            return 0;
        }

        // Shared responses with cookies are cacheable according to the RFC, but IMHO it'd be unwise to do so by default
        // so this implementation requires explicit opt-in via public header
-        if (this._isShared && (this._rescc['private'] || (this._res.headers['set-cookie'] && !this._rescc['public']))) {
+        if (this._isShared && (this._res.headers['set-cookie'] && !this._rescc['public'])) {
            return 0;
        }

--- a/test/requesttest.js
+++ b/test/requesttest.js
@ -0,0 +1,39 @@
+'use strict';
+
+const assert = require('assert');
+const CachePolicy = require('..');
+
+const publicCacheableResponse = {headers:{'cache-control': 'public, max-age=222'}};
+const cacheableResponse = {headers:{'cache-control': 'max-age=111'}};
+
+describe('Request properties', function() {
+    it('No store kills cache', function() {
+        const cache = new CachePolicy({method:'GET',headers:{'cache-control':'no-store'}}, publicCacheableResponse);
+        assert(!cache.isFresh());
+        assert(!cache.storable());
+    });
+
+    it('POST not cacheable by default', function() {
+        const cache = new CachePolicy({method:'POST',headers:{}}, {headers:{'cache-control': 'public'}});
+        assert(!cache.isFresh());
+        assert(!cache.storable());
+    });
+
+    it('POST cacheable explicitly', function() {
+        const cache = new CachePolicy({method:'POST',headers:{}}, publicCacheableResponse);
+        assert(cache.isFresh());
+        assert(cache.storable());
+    });
+
+    it('Public cacheable auth is OK', function() {
+        const cache = new CachePolicy({method:'GET',headers:{'authorization': 'test'}}, publicCacheableResponse);
+        assert(cache.isFresh());
+        assert(cache.storable());
+    });
+
+    it('Auth prevents caching by default', function() {
+        const cache = new CachePolicy({method:'GET',headers:{'authorization': 'test'}}, cacheableResponse);
+        assert(!cache.isFresh());
+        assert(!cache.storable());
+    });
+});
--- a/test/responsetest.js
+++ b/test/responsetest.js
@ -106,6 +106,16 @@ describe('Response headers', function() {
        assert.equal(0, cache.maxAge());
    });

+    it('uncacheable 503', function() {
+        const cache = new CachePolicy(req, {
+            status: 503,
+            headers:{
+                'cache-control': 'public, max-age=1000',
+            }});
+        assert(!cache.isFresh());
+        assert.equal(0, cache.maxAge());
+    });
+
    it('cacheable 301', function() {
        const cache = new CachePolicy(req, {
            status: 301,
@ -115,6 +125,16 @@ describe('Response headers', function() {
        assert(cache.isFresh());
    });

+    it('uncacheable 303', function() {
+        const cache = new CachePolicy(req, {
+            status: 303,
+            headers:{
+                'last-modified': 'Mon, 07 Mar 2016 11:52:56 GMT',
+            }});
+        assert(!cache.isFresh());
+        assert.equal(0, cache.maxAge());
+    });
+
    it('cacheable 303', function() {
        const cache = new CachePolicy(req, {
            status: 303,
@ -124,6 +144,16 @@ describe('Response headers', function() {
        assert(cache.isFresh());
    });

+    it('uncacheable 412', function() {
+        const cache = new CachePolicy(req, {
+            status: 412,
+            headers:{
+                'cache-control': 'public, max-age=1000',
+            }});
+        assert(!cache.isFresh());
+        assert.equal(0, cache.maxAge());
+    });
+
    it('expired expires cached with max-age', function() {
        const cache = new CachePolicy(req, {headers:{
            'cache-control': 'public, max-age=9999',