Move auth check to frontend for CDN-friendly caching #1253

Open
zhangzhenghao wants to merge 1 commit into gorse-io:master from zhangzhenghao:frontend-auth-check
@zhangzhenghao
Contributor

Summary

This PR moves the authentication check from the backend to the frontend for CDN-friendly caching, following the same pattern as gitrec PR #166.

Backend Changes

  1. Remove login check from dashboard handler

    • The dashboard function now serves static files directly without checking login status
    • Frontend handles authentication check before rendering protected pages
  2. Add /api/me endpoint

    • Returns {is_authenticated: true/false, user_info: {...}}
    • No login required - frontend uses this to check auth state
    • Works with both OIDC and basic auth modes
  3. Add CacheControlFilter

    • Sets Cache-Control: private, no-store, no-cache, must-revalidate for all API endpoints
    • Prevents CDN from caching dynamic API responses

Benefits

  • CDN-friendly: Dashboard pages return static files that can be safely cached by CDN edge nodes
  • Reduced backend load: Static file serving can be handled by CDN
  • Better performance: Users get faster page loads from CDN cache
  • Security: API endpoints explicitly disable caching to protect user data

Frontend Changes (Required)

Frontend repository (gorse-io/dashboard) needs to be updated separately to:

  1. Add router guard that calls /api/me before accessing protected routes
  2. Redirect to /login if is_authenticated is false

Testing

# Build and verify
go build ./master/

# Test /api/me endpoint
curl http://localhost:8088/api/me
# Expected: {"is_authenticated": false, "user_info": null}

# After login
curl http://localhost:8088/api/me --cookie "session=..."
# Expected: {"is_authenticated": true, "user_info": {"name": "admin"}}

- Backend: Remove login check from dashboard handler, serve static files directly
- Backend: Add CacheControlFilter to disable CDN caching for all API endpoints
- Frontend can use existing /api/dashboard/userinfo to check auth status (200=logged in, 401=not logged in)

This change makes dashboard pages return static files that can be safely cached
by CDN, while authentication logic is handled by the frontend.
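
Why the `Cache-Control` filter matters once responses pass through a CDN, as an added example that is not code from this PR or from gorse: a toy shared cache keyed on path only (an assumption about a loosely configured edge) replays `/api/me` with and without the header. The `noStore`, `me` and `anonymousSees` names, the plain `net/http` handlers and the `session=valid` cookie are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// noStore sets the header value the PR description gives for API endpoints.
func noStore(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Cache-Control", "private, no-store, no-cache, must-revalidate")
		next.ServeHTTP(w, r)
	})
}

// me answers like /api/me; "session=valid" is a constructed stand-in for a real session.
func me(w http.ResponseWriter, r *http.Request) {
	body := `{"is_authenticated": false, "user_info": null}`
	if c, err := r.Cookie("session"); err == nil && c.Value == "valid" {
		body = `{"is_authenticated": true, "user_info": {"name": "admin"}}`
	}
	fmt.Fprint(w, body)
}

// anonymousSees returns what an anonymous client gets after a logged-in one, via a path-keyed cache.
func anonymousSees(origin http.Handler) string {
	store := map[string]string{} // toy edge cache: ignores cookies when building the key
	get := func(cookie string) string {
		if body, hit := store["/api/me"]; hit {
			return body
		}
		req := httptest.NewRequest(http.MethodGet, "/api/me", nil)
		req.Header.Set("Cookie", cookie)
		rec := httptest.NewRecorder()
		origin.ServeHTTP(rec, req)
		if !strings.Contains(rec.Header().Get("Cache-Control"), "no-store") {
			store["/api/me"] = rec.Body.String() // cacheable: kept for the next visitor
		}
		return rec.Body.String()
	}
	get("session=valid") // logged-in user fetches first
	return get("")       // anonymous user fetches second
}

func main() {
	fmt.Println("without filter:", anonymousSees(http.HandlerFunc(me)))
	fmt.Println("with filter:   ", anonymousSees(noStore(http.HandlerFunc(me))))
}
```

Without the filter the anonymous request receives the cached authenticated body; with it, the request reaches the origin and gets the unauthenticated response.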
codecov Bot commented Apr 25, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 72.96%. Comparing base (2241300) to head (c4b6bcb).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #1253      +/-   ##
==========================================
- Coverage   73.01%   72.96%   -0.05%     
==========================================
  Files          91       91              
  Lines       16694    16734      +40     
==========================================
+ Hits        12189    12210      +21     
- Misses       3262     3280      +18     
- Partials     1243     1244       +1     
