diff --git a/apps/web/app/api/auth/[...nextauth]/route.ts b/apps/web/app/api/auth/[...nextauth]/route.ts
index 2e92566b35..97c039fc37 100644
--- a/apps/web/app/api/auth/[...nextauth]/route.ts
+++ b/apps/web/app/api/auth/[...nextauth]/route.ts
@@ -1,6 +1,8 @@
 import NextAuth from "next-auth";
 import { authOptions } from "@formbricks/lib/authOptions";
+export const fetchCache = "force-no-store";
+
 const handler = NextAuth(authOptions);
 export { handler as GET, handler as POST };
diff --git a/apps/web/app/api/v1/integrations/airtable/tables/route.ts b/apps/web/app/api/v1/integrations/airtable/tables/route.ts
index 1d79b3cbd1..f72eb24ac8 100644
--- a/apps/web/app/api/v1/integrations/airtable/tables/route.ts
+++ b/apps/web/app/api/v1/integrations/airtable/tables/route.ts
@@ -16,7 +16,7 @@ export const GET = async (req: NextRequest) => {
 const baseId = z.string().safeParse(queryParams.get("baseId"));
 if (!baseId.success) {
- return responses.missingFieldResponse("Base Id is Required");
+ return responses.badRequestResponse("Base Id is Required");
 }
 if (!session) {
diff --git a/apps/web/app/lib/api/response.ts b/apps/web/app/lib/api/response.ts
index ceef121467..3ab734e335 100644
--- a/apps/web/app/lib/api/response.ts
+++ b/apps/web/app/lib/api/response.ts
@@ -30,8 +30,18 @@ const corsHeaders = {
 "Access-Control-Allow-Headers": "Content-Type, Authorization",
 };
-const goneResponse = (message: string, details?: { [key: string]: string }, cors: boolean = false) =>
- Response.json(
+const goneResponse = (
+ message: string,
+ details?: { [key: string]: string },
+ cors: boolean = false,
+ cache: string = "private, no-store"
+) => {
+ const headers = {
+ ...(cors && corsHeaders),
+ "Cache-Control": cache,
+ };
+
+ return Response.json(
 {
 code: "gone",
 message,
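Review bot: The added `export const fetchCache = "force-no-store";` in the NextAuth route carries no comment saying why the auth handler opts out of caching. As far as I know this segment option governs how `fetch()` calls made while serving the route are cached; it does not by itself put a `Cache-Control` header on the responses NextAuth returns, so a reader could assume more protection than the line provides. I would add above it `// Auth handler: never serve session or provider data from the Next.js fetch cache.` and, if response caching is also a concern, confirm separately which headers the handler emits.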
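Review bot: The `baseId` validation in `GET` still runs before the `if (!session)` check that follows it, so an unauthenticated caller receives the 400 validation response instead of the authentication error; I would move the session check ahead of input parsing. Separately, `z.string()` accepts an empty string, so a request with `?baseId=` passes this guard; `z.string().min(1).safeParse(queryParams.get("baseId"))` would reject it. The body of `GET` starts and ends outside the hunk, so how `session` is obtained is not visible here.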
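Review bot: The `headers` construction added to `goneResponse` is repeated verbatim in `badRequestResponse`, `methodNotAllowedResponse`, `notAuthenticatedResponse`, `unauthorizedResponse` and `forbiddenResponse`, and `successResponse` appears to hold the same lines already. Keeping the no-store default in one helper means a response added later cannot silently omit it: `const buildHeaders = (cors: boolean, cache: string) => ({ ...(cors && corsHeaders), "Cache-Control": cache });`, then `headers: buildHeaders(cors, cache),` in each response. `goneResponse` continues past the end of this hunk.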
@@ -39,12 +49,23 @@ const goneResponse = (message: string, details?: { [key: string]: string }, cors
 } as ApiErrorResponse,
 {
 status: 410,
- ...(cors && { headers: corsHeaders }),
+ headers,
 }
 );
+};
-const badRequestResponse = (message: string, details?: { [key: string]: string }, cors: boolean = false) =>
- Response.json(
+const badRequestResponse = (
+ message: string,
+ details?: { [key: string]: string },
+ cors: boolean = false,
+ cache: string = "private, no-store"
+) => {
+ const headers = {
+ ...(cors && corsHeaders),
+ "Cache-Control": cache,
+ };
+
+ return Response.json(
 {
 code: "bad_request",
 message,
@@ -52,25 +73,23 @@ const badRequestResponse = (message: string, details?: { [key: string]: string }
 } as ApiErrorResponse,
 {
 status: 400,
- ...(cors && { headers: corsHeaders }),
+ headers,
 }
 );
-
-const missingFieldResponse = (field: string, cors: boolean = false) =>
- badRequestResponse(
- `Missing ${field}`,
- {
- missing_field: field,
- },
- cors
- );
+};
 const methodNotAllowedResponse = (
 res: CustomNextApiResponse,
 allowedMethods: string[],
- cors: boolean = false
-) =>
- Response.json(
+ cors: boolean = false,
+ cache: string = "private, no-store"
+) => {
+ const headers = {
+ ...(cors && corsHeaders),
+ "Cache-Control": cache,
+ };
+
+ return Response.json(
 {
 code: "method_not_allowed",
 message: `The HTTP ${res.req?.method} method is not supported by this route.`,
@@ -80,9 +99,10 @@ const methodNotAllowedResponse = (
 } as ApiErrorResponse,
 {
 status: 405,
- ...(cors && { headers: corsHeaders }),
+ headers,
 }
 );
+};
 const notFoundResponse = (
 resourceType: string,
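Review bot: Removing `missingFieldResponse` in the `-52,25` hunk changes the body clients receive for a missing parameter: the old helper sent the message `Missing ${field}` together with `details.missing_field`, while the replacement call shown in the airtable route passes only a message string. If any API consumer keys on `details.missing_field` this is a breaking change that deserves a changelog entry; the caller could instead keep the detail by passing `{ missing_field: "baseId" }` as the second argument of `badRequestResponse`. Other callers of `missingFieldResponse` are not visible in this diff, so it is worth confirming none remain.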
@@ -111,8 +131,13 @@ const notFoundResponse = (
 );
 };
-const notAuthenticatedResponse = (cors: boolean = false) =>
- Response.json(
+const notAuthenticatedResponse = (cors: boolean = false, cache: string = "private, no-store") => {
+ const headers = {
+ ...(cors && corsHeaders),
+ "Cache-Control": cache,
+ };
+
+ return Response.json(
 {
 code: "not_authenticated",
 message: "Not authenticated",
@@ -122,12 +147,18 @@ const notAuthenticatedResponse = (cors: boolean = false) =>
 } as ApiErrorResponse,
 {
 status: 401,
- ...(cors && { headers: corsHeaders }),
+ headers,
 }
 );
+};
-const unauthorizedResponse = (cors: boolean = false) =>
- Response.json(
+const unauthorizedResponse = (cors: boolean = false, cache: string = "private, no-store") => {
+ const headers = {
+ ...(cors && corsHeaders),
+ "Cache-Control": cache,
+ };
+
+ return Response.json(
 {
 code: "unauthorized",
 message: "You are not authorized to access this resource",
@@ -135,16 +166,23 @@ const unauthorizedResponse = (cors: boolean = false) =>
 } as ApiErrorResponse,
 {
 status: 401,
- ...(cors && { headers: corsHeaders }),
+ headers,
 }
 );
+};
 const forbiddenResponse = (
 message: string,
 cors: boolean = false,
- details: ApiErrorResponse["details"] = {}
-) =>
- Response.json(
+ details: ApiErrorResponse["details"] = {},
+ cache: string = "private, no-store"
+) => {
+ const headers = {
+ ...(cors && corsHeaders),
+ "Cache-Control": cache,
+ };
+
+ return Response.json(
 {
 code: "forbidden",
 message,
@@ -152,9 +190,10 @@ const forbiddenResponse = (
 } as ApiErrorResponse,
 {
 status: 403,
- ...(cors && { headers: corsHeaders }),
+ headers,
 }
 );
+};
 const successResponse = (data: Object, cors: boolean = false, cache: string = "private, no-store") => {
 const headers = {
@@ -223,7 +262,6 @@ export const responses = {
 goneResponse,
 badRequestResponse,
 internalServerErrorResponse,
- missingFieldResponse,
 methodNotAllowedResponse,
 notAuthenticatedResponse,
 unauthorizedResponse,
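Review bot: `notAuthenticatedResponse` now takes a caller-supplied `cache` string, which lets a call site mark a 401 as cacheable; the same applies to `unauthorizedResponse` and `forbiddenResponse` in the following hunks. A shared cache or CDN that stores an authentication or authorization failure can replay it to other clients, so for these three helpers I would drop the parameter and fix the header in place: `"Cache-Control": "private, no-store",`. If the override has to stay for parity with `successResponse`, a comment on each helper stating that auth failures must never be made cacheable would make the intent explicit.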