diff --git a/lib/travis/api/app/extensions/scoping.rb b/lib/travis/api/app/extensions/scoping.rb index 96b76b83..72643ffe 100644 --- a/lib/travis/api/app/extensions/scoping.rb +++ b/lib/travis/api/app/extensions/scoping.rb @@ -3,6 +3,16 @@ require 'travis/api/app' class Travis::Api::App module Extensions module Scoping + module Helpers + def scope + env['travis.scope'].to_sym + end + + def public? + scope == :public + end + end + def self.registered(app) app.set default_scope: :public, anonymous_scopes: [:public] app.helpers(Helpers) @@ -16,8 +26,9 @@ class Travis::Api::App headers['X-Accepted-OAuth-Scopes'] = name.to_s if scopes.include? name + env['travis.scope'] = name headers['Vary'] = 'Accept' - headers['Vary'] << ', Authorization' if name == :public + headers['Vary'] << ', Authorization' unless public? true elsif env['travis.access_token'] halt 403, "insufficient access" diff --git a/lib/travis/api/app/responders/service.rb b/lib/travis/api/app/responders/service.rb index bd117e38..c0ed514f 100644 --- a/lib/travis/api/app/responders/service.rb +++ b/lib/travis/api/app/responders/service.rb @@ -14,12 +14,11 @@ module Travis::Api::App::Responders private def cache_control - if final? - endpoint.expires 31536000, :public # 1 year - elsif updated_at? - endpoint.cache_control :public, :must_revalidate - endpoint.last_modified resource.updated_at - end + mode = [endpoint.public? ? :public : :private] + mode << :must_revalidate unless final? + endpoint.expires(31536000, *mode) # 1 year + endpoint.etag resource.cache_key if cache_key? + endpoint.last_modified resource.updated_at if updated_at? end def final? @@ -30,6 +29,10 @@ module Travis::Api::App::Responders resource.respond_to?(:updated_at) && resource.updated_at end + def cache_key? + resource.respond_to?(:cache_key) && resource.cache_key + end + # Services potentially return all sorts of things # If it's a string, true or false we'll wrap it into a hash. # If it's an active record or scope we just pass so it can be processed by the json responder.