Disable Caching

samuelzoroo · Jun 28, 2018 · bdf7e28 · bdf7e28
1 parent 1b40bc1
commit bdf7e28
Showing 1 changed file with 12 additions and 4 deletions.
diff --git a/src/server_manager/electron_app/digitalocean_oauth.ts b/src/server_manager/electron_app/digitalocean_oauth.ts
@@ -106,6 +106,8 @@ export interface OauthSession {
   cancel(): void;
 }
 
+const CLOSE_WINDOW_HTML = `<html><script>window.close()</script></html>`;
+
 // Runs the DigitalOcean oauth flow and returns the access token.
 // See https://developers.digitalocean.com/documentation/oauth/ for the OAuth API.
 export function runOauth(): OauthSession {
@@ -116,6 +118,12 @@ export function runOauth(): OauthSession {
   server.on('close', () => console.log('Oauth server closed'));
 
   let isCancelled = false;
+  // Disable caching.
+  app.use((req, res, next) => {
+    res.header('Cache-Control', 'no-cache, no-store, must-revalidate');
+    next();
+  });
+  // Check for cancellation.
   app.use((req, res, next) => {
     if (isCancelled) {
       res.status(503).send('Authentication cancelled');
@@ -155,13 +163,13 @@ export function runOauth(): OauthSession {
 
       const requestSecret = request.query.secret;
       if (requestSecret !== secret) {
-        response.status(400).send('Authentication failed');
+        response.status(400).send(CLOSE_WINDOW_HTML);
         reject(new Error(`Expected secret ${secret}. Got ${requestSecret}`));
         return;
       }
       const params = new URLSearchParams(request.body.params);
       if (params.get('error')) {
-        response.status(400).send('Authentication failed');
+        response.status(400).send(CLOSE_WINDOW_HTML);
         reject(new Error(`DigitalOcean OAuth error: ${params.get('error_description')}`));
         return;
       }
@@ -170,15 +178,15 @@ export function runOauth(): OauthSession {
         getAccount(accessToken)
             .then((account) => {
               if (account.status === 'active') {
-                response.send(`<html><script>window.close()</script></html>`);
+                response.send(CLOSE_WINDOW_HTML);
               } else {
                 response.redirect('https://cloud.digitalocean.com');
               }
               resolve(accessToken);
             })
             .catch(reject);
       } else {
-        response.status(400).send('Authentication failed');
+        response.status(400).send(CLOSE_WINDOW_HTML);
         reject(new Error('No access_token on OAuth response'));
       }
     });