fix: cache headers (#2834)

2026-03-01 12:00:02 -06:00 · 2024-07-02 12:16:26 +05:30
parent 1f4b23b105
commit c32a358f43
3 changed files with 71 additions and 31 deletions
--- a/apps/web/app/api/auth/[...nextauth]/route.ts
+++ b/apps/web/app/api/auth/[...nextauth]/route.ts
@@ -1,6 +1,8 @@
 import NextAuth from "next-auth";
 import { authOptions } from "@formbricks/lib/authOptions";

+export const fetchCache = "force-no-store";
+
 const handler = NextAuth(authOptions);

 export { handler as GET, handler as POST };
--- a/apps/web/app/api/v1/integrations/airtable/tables/route.ts
+++ b/apps/web/app/api/v1/integrations/airtable/tables/route.ts
@@ -16,7 +16,7 @@ export const GET = async (req: NextRequest) => {
  const baseId = z.string().safeParse(queryParams.get("baseId"));

  if (!baseId.success) {
-    return responses.missingFieldResponse("Base Id is Required");
+    return responses.badRequestResponse("Base Id is Required");
  }

  if (!session) {
--- a/apps/web/app/lib/api/response.ts
+++ b/apps/web/app/lib/api/response.ts
@@ -30,8 +30,18 @@ const corsHeaders = {
  "Access-Control-Allow-Headers": "Content-Type, Authorization",
 };

-const goneResponse = (message: string, details?: { [key: string]: string }, cors: boolean = false) =>
-  Response.json(
+const goneResponse = (
+  message: string,
+  details?: { [key: string]: string },
+  cors: boolean = false,
+  cache: string = "private, no-store"
+) => {
+  const headers = {
+    ...(cors && corsHeaders),
+    "Cache-Control": cache,
+  };
+
+  return Response.json(
    {
      code: "gone",
      message,
@@ -39,12 +49,23 @@ const goneResponse = (message: string, details?: { [key: string]: string }, cors
    } as ApiErrorResponse,
    {
      status: 410,
-      ...(cors && { headers: corsHeaders }),
+      headers,
    }
  );
+};

-const badRequestResponse = (message: string, details?: { [key: string]: string }, cors: boolean = false) =>
-  Response.json(
+const badRequestResponse = (
+  message: string,
+  details?: { [key: string]: string },
+  cors: boolean = false,
+  cache: string = "private, no-store"
+) => {
+  const headers = {
+    ...(cors && corsHeaders),
+    "Cache-Control": cache,
+  };
+
+  return Response.json(
    {
      code: "bad_request",
      message,
@@ -52,25 +73,23 @@ const badRequestResponse = (message: string, details?: { [key: string]: string }
    } as ApiErrorResponse,
    {
      status: 400,
-      ...(cors && { headers: corsHeaders }),
+      headers,
    }
  );
-
-const missingFieldResponse = (field: string, cors: boolean = false) =>
-  badRequestResponse(
-    `Missing ${field}`,
-    {
-      missing_field: field,
-    },
-    cors
-  );
+};

 const methodNotAllowedResponse = (
  res: CustomNextApiResponse,
  allowedMethods: string[],
-  cors: boolean = false
-) =>
-  Response.json(
+  cors: boolean = false,
+  cache: string = "private, no-store"
+) => {
+  const headers = {
+    ...(cors && corsHeaders),
+    "Cache-Control": cache,
+  };
+
+  return Response.json(
    {
      code: "method_not_allowed",
      message: `The HTTP ${res.req?.method} method is not supported by this route.`,
@@ -80,9 +99,10 @@ const methodNotAllowedResponse = (
    } as ApiErrorResponse,
    {
      status: 405,
-      ...(cors && { headers: corsHeaders }),
+      headers,
    }
  );
+};

 const notFoundResponse = (
  resourceType: string,
@@ -111,8 +131,13 @@ const notFoundResponse = (
  );
 };

-const notAuthenticatedResponse = (cors: boolean = false) =>
-  Response.json(
+const notAuthenticatedResponse = (cors: boolean = false, cache: string = "private, no-store") => {
+  const headers = {
+    ...(cors && corsHeaders),
+    "Cache-Control": cache,
+  };
+
+  return Response.json(
    {
      code: "not_authenticated",
      message: "Not authenticated",
@@ -122,12 +147,18 @@ const notAuthenticatedResponse = (cors: boolean = false) =>
    } as ApiErrorResponse,
    {
      status: 401,
-      ...(cors && { headers: corsHeaders }),
+      headers,
    }
  );
+};

-const unauthorizedResponse = (cors: boolean = false) =>
-  Response.json(
+const unauthorizedResponse = (cors: boolean = false, cache: string = "private, no-store") => {
+  const headers = {
+    ...(cors && corsHeaders),
+    "Cache-Control": cache,
+  };
+
+  return Response.json(
    {
      code: "unauthorized",
      message: "You are not authorized to access this resource",
@@ -135,16 +166,23 @@ const unauthorizedResponse = (cors: boolean = false) =>
    } as ApiErrorResponse,
    {
      status: 401,
-      ...(cors && { headers: corsHeaders }),
+      headers,
    }
  );
+};

 const forbiddenResponse = (
  message: string,
  cors: boolean = false,
-  details: ApiErrorResponse["details"] = {}
-) =>
-  Response.json(
+  details: ApiErrorResponse["details"] = {},
+  cache: string = "private, no-store"
+) => {
+  const headers = {
+    ...(cors && corsHeaders),
+    "Cache-Control": cache,
+  };
+
+  return Response.json(
    {
      code: "forbidden",
      message,
@@ -152,9 +190,10 @@ const forbiddenResponse = (
    } as ApiErrorResponse,
    {
      status: 403,
-      ...(cors && { headers: corsHeaders }),
+      headers,
    }
  );
+};

 const successResponse = (data: Object, cors: boolean = false, cache: string = "private, no-store") => {
  const headers = {
@@ -223,7 +262,6 @@ export const responses = {
  goneResponse,
  badRequestResponse,
  internalServerErrorResponse,
-  missingFieldResponse,
  methodNotAllowedResponse,
  notAuthenticatedResponse,
  unauthorizedResponse,