From 64cdbe6c5578df1dc49d8e3dd72451ab0ac96bd2 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Mon, 20 Sep 2010 13:42:58 -0700 Subject: [PATCH] Ticket #2750: fixes to HTTP caching behavior across login/logout boundaries * now ignoring if-modified-since if we failed an etag if-none-match comparison, per spec * now including a hash of user id/nickname in most etags, so we'll update the view properly after login/logout For API methods, checking the API-auth'ed user. (Many change results to include things like 'you're subscribed to this user' or 'this is one of your favorites', so user info is again needed) There'll still be some last-modified stamps that aren't including user info properly, probably. --- actions/apidirectmessage.php | 1 + actions/apigrouplist.php | 1 + actions/apigrouplistall.php | 1 + actions/apigroupmembership.php | 1 + actions/apigroupshow.php | 1 + actions/apistatusesshow.php | 1 + actions/apisubscriptions.php | 1 + actions/apitimelinefavorites.php | 1 + actions/apitimelinefriends.php | 1 + actions/apitimelinegroup.php | 1 + actions/apitimelinehome.php | 1 + actions/apitimelinementions.php | 1 + actions/apitimelinepublic.php | 1 + actions/apitimelinetag.php | 1 + actions/apitimelineuser.php | 1 + actions/shownotice.php | 1 + lib/action.php | 15 ++++++++++----- lib/util.php | 23 +++++++++++++++++++++++ plugins/Autocomplete/autocomplete.php | 1 + 19 files changed, 50 insertions(+), 5 deletions(-) diff --git a/actions/apidirectmessage.php b/actions/apidirectmessage.php index 7a0f46274c..e7ea38dfa1 100644 --- a/actions/apidirectmessage.php +++ b/actions/apidirectmessage.php @@ -357,6 +357,7 @@ class ApiDirectMessageAction extends ApiAuthAction return '"' . implode( ':', array($this->arg('action'), + common_user_cache_hash($this->auth_user), common_language(), strtotime($this->messages[0]->created), strtotime($this->messages[$last]->created) diff --git a/actions/apigrouplist.php b/actions/apigrouplist.php index 148c802f43..319a1e424d 100644 --- a/actions/apigrouplist.php +++ b/actions/apigrouplist.php @@ -213,6 +213,7 @@ class ApiGroupListAction extends ApiBareAuthAction return '"' . implode( ':', array($this->arg('action'), + common_user_cache_hash($this->auth_user), common_language(), $this->user->id, strtotime($this->groups[0]->created), diff --git a/actions/apigrouplistall.php b/actions/apigrouplistall.php index a8317608d7..cc7cd901dc 100644 --- a/actions/apigrouplistall.php +++ b/actions/apigrouplistall.php @@ -204,6 +204,7 @@ class ApiGroupListAllAction extends ApiPrivateAuthAction return '"' . implode( ':', array($this->arg('action'), + common_user_cache_hash($this->auth_user), common_language(), strtotime($this->groups[0]->created), strtotime($this->groups[$last]->created)) diff --git a/actions/apigroupmembership.php b/actions/apigroupmembership.php index ffd5c7c7d5..b7f3064b5a 100644 --- a/actions/apigroupmembership.php +++ b/actions/apigroupmembership.php @@ -183,6 +183,7 @@ class ApiGroupMembershipAction extends ApiPrivateAuthAction return '"' . implode( ':', array($this->arg('action'), + common_user_cache_hash($this->auth_user), common_language(), $this->group->id, strtotime($this->profiles[0]->created), diff --git a/actions/apigroupshow.php b/actions/apigroupshow.php index 2998e505e2..9b90e6b383 100644 --- a/actions/apigroupshow.php +++ b/actions/apigroupshow.php @@ -149,6 +149,7 @@ class ApiGroupShowAction extends ApiPrivateAuthAction return '"' . implode( ':', array($this->arg('action'), + common_user_cache_hash($this->auth_user), common_language(), $this->group->id, strtotime($this->group->modified)) diff --git a/actions/apistatusesshow.php b/actions/apistatusesshow.php index 476820a43d..84f8079db5 100644 --- a/actions/apistatusesshow.php +++ b/actions/apistatusesshow.php @@ -194,6 +194,7 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction return '"' . implode( ':', array($this->arg('action'), + common_user_cache_hash($this->auth_user), common_language(), $this->notice->id, strtotime($this->notice->created)) diff --git a/actions/apisubscriptions.php b/actions/apisubscriptions.php index 63d65f2893..749d16f067 100644 --- a/actions/apisubscriptions.php +++ b/actions/apisubscriptions.php @@ -181,6 +181,7 @@ class ApiSubscriptionsAction extends ApiBareAuthAction return '"' . implode( ':', array($this->arg('action'), + common_user_cache_hash($this->auth_user), common_language(), $this->user->id, isset($this->ids_only) ? 'IDs' : 'Profiles', diff --git a/actions/apitimelinefavorites.php b/actions/apitimelinefavorites.php index 7228960c0b..f5ce5d2fd4 100644 --- a/actions/apitimelinefavorites.php +++ b/actions/apitimelinefavorites.php @@ -259,6 +259,7 @@ class ApiTimelineFavoritesAction extends ApiBareAuthAction return '"' . implode( ':', array($this->arg('action'), + common_user_cache_hash($this->auth_user), common_language(), $this->user->id, strtotime($this->notices[0]->created), diff --git a/actions/apitimelinefriends.php b/actions/apitimelinefriends.php index 40ce35979b..c96391c129 100644 --- a/actions/apitimelinefriends.php +++ b/actions/apitimelinefriends.php @@ -346,6 +346,7 @@ class ApiTimelineFriendsAction extends ApiBareAuthAction return '"' . implode( ':', array($this->arg('action'), + common_user_cache_hash($this->auth_user), common_language(), $this->user->id, strtotime($this->notices[0]->created), diff --git a/actions/apitimelinegroup.php b/actions/apitimelinegroup.php index 7a40fd8084..5138a4b5e1 100644 --- a/actions/apitimelinegroup.php +++ b/actions/apitimelinegroup.php @@ -229,6 +229,7 @@ class ApiTimelineGroupAction extends ApiPrivateAuthAction return '"' . implode( ':', array($this->arg('action'), + common_user_cache_hash($this->auth_user), common_language(), $this->group->id, strtotime($this->notices[0]->created), diff --git a/actions/apitimelinehome.php b/actions/apitimelinehome.php index 27eb741691..1ceb3d902b 100644 --- a/actions/apitimelinehome.php +++ b/actions/apitimelinehome.php @@ -254,6 +254,7 @@ class ApiTimelineHomeAction extends ApiBareAuthAction return '"' . implode( ':', array($this->arg('action'), + common_user_cache_hash($this->auth_user), common_language(), $this->user->id, strtotime($this->notices[0]->created), diff --git a/actions/apitimelinementions.php b/actions/apitimelinementions.php index ed1ad20e32..354dc58b68 100644 --- a/actions/apitimelinementions.php +++ b/actions/apitimelinementions.php @@ -244,6 +244,7 @@ class ApiTimelineMentionsAction extends ApiBareAuthAction return '"' . implode( ':', array($this->arg('action'), + common_user_cache_hash($this->auth_user), common_language(), $this->user->id, strtotime($this->notices[0]->created), diff --git a/actions/apitimelinepublic.php b/actions/apitimelinepublic.php index f901642882..0119b504a7 100644 --- a/actions/apitimelinepublic.php +++ b/actions/apitimelinepublic.php @@ -311,6 +311,7 @@ class ApiTimelinePublicAction extends ApiPrivateAuthAction return '"' . implode( ':', array($this->arg('action'), + common_user_cache_hash($this->auth_user), common_language(), strtotime($this->notices[0]->created), strtotime($this->notices[$last]->created)) diff --git a/actions/apitimelinetag.php b/actions/apitimelinetag.php index c7ec172aeb..712703694f 100644 --- a/actions/apitimelinetag.php +++ b/actions/apitimelinetag.php @@ -232,6 +232,7 @@ class ApiTimelineTagAction extends ApiPrivateAuthAction return '"' . implode( ':', array($this->arg('action'), + common_user_cache_hash($this->auth_user), common_language(), $this->tag, strtotime($this->notices[0]->created), diff --git a/actions/apitimelineuser.php b/actions/apitimelineuser.php index 17a2836639..0c97aad21c 100644 --- a/actions/apitimelineuser.php +++ b/actions/apitimelineuser.php @@ -234,6 +234,7 @@ class ApiTimelineUserAction extends ApiBareAuthAction return '"' . implode( ':', array($this->arg('action'), + common_user_cache_hash($this->auth_user), common_language(), $this->user->id, strtotime($this->notices[0]->created), diff --git a/actions/shownotice.php b/actions/shownotice.php index 9c5d83441b..86df5f9f30 100644 --- a/actions/shownotice.php +++ b/actions/shownotice.php @@ -151,6 +151,7 @@ class ShownoticeAction extends OwnerDesignAction strtotime($this->avatar->modified) : 0; return 'W/"' . implode(':', array($this->arg('action'), + common_user_cache_hash(), common_language(), $this->notice->id, strtotime($this->notice->created), diff --git a/lib/action.php b/lib/action.php index 5c4b4a7b7d..5dcf78dcc9 100644 --- a/lib/action.php +++ b/lib/action.php @@ -1018,17 +1018,22 @@ class Action extends HTMLOutputter // lawsuit } } + $checked = false; if ($etag) { $if_none_match = (array_key_exists('HTTP_IF_NONE_MATCH', $_SERVER)) ? $_SERVER['HTTP_IF_NONE_MATCH'] : null; - if ($if_none_match && $this->_hasEtag($etag, $if_none_match)) { - header('HTTP/1.1 304 Not Modified'); - // Better way to do this? - exit(0); + if ($if_none_match) { + // If this check fails, ignore the if-modified-since below. + $checked = true; + if ($this->_hasEtag($etag, $if_none_match)) { + header('HTTP/1.1 304 Not Modified'); + // Better way to do this? + exit(0); + } } } - if ($lm && array_key_exists('HTTP_IF_MODIFIED_SINCE', $_SERVER)) { + if (!$checked && $lm && array_key_exists('HTTP_IF_MODIFIED_SINCE', $_SERVER)) { $if_modified_since = $_SERVER['HTTP_IF_MODIFIED_SINCE']; $ims = strtotime($if_modified_since); if ($lm <= $ims) { diff --git a/lib/util.php b/lib/util.php index 6d2e99b2ae..e0457140e2 100644 --- a/lib/util.php +++ b/lib/util.php @@ -494,6 +494,29 @@ function common_is_real_login() return common_logged_in() && $_SESSION['real_login']; } +/** + * Get a hash portion for HTTP caching Etags and such including + * info on the current user's session. If login/logout state changes, + * or we've changed accounts, or we've renamed the current user, + * we'll get a new hash value. + * + * This should not be considered secure information. + * + * @param User $user (optional; uses common_current_user() if left out) + * @return string + */ +function common_user_cache_hash($user=false) +{ + if ($user === false) { + $user = common_current_user(); + } + if ($user) { + return crc32($user->id . ':' . $user->nickname); + } else { + return '0'; + } +} + // get canonical version of nickname for comparison function common_canonical_nickname($nickname) { diff --git a/plugins/Autocomplete/autocomplete.php b/plugins/Autocomplete/autocomplete.php index 5a010572f6..a4e2d9baa4 100644 --- a/plugins/Autocomplete/autocomplete.php +++ b/plugins/Autocomplete/autocomplete.php @@ -79,6 +79,7 @@ class AutocompleteAction extends Action function etag() { return '"' . implode(':', array($this->arg('action'), + common_user_cache_hash(), crc32($this->arg('q')), //the actual string can have funny characters in we don't want showing up in the etag $this->arg('limit'), $this->lastModified())) . '"';