From e9fdd3ac03ef859479a491cafc1fb6220c8e974d Mon Sep 17 00:00:00 2001
From: huazhuang80-star <295584745+huazhuang80-star@users.noreply.github.com>
Date: Mon, 22 Jun 2026 15:33:14 +0800
Subject: [PATCH] perf(api): set cache headers for responses

---
 app/backend/src/main.ts | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/app/backend/src/main.ts b/app/backend/src/main.ts
index b267a67..77e2fcb 100644
--- a/app/backend/src/main.ts
+++ b/app/backend/src/main.ts
@@ -6,6 +6,7 @@ import { AppModule } from './app.module';
 import { LoggerService } from './logger/logger.service';
 import { LoggingInterceptor } from './interceptors/logging.interceptor';
 import { config as loadEnv } from 'dotenv';
+import type { NextFunction, Request, Response } from 'express';
 import { existsSync } from 'node:fs';
 import { join } from 'node:path';
 
@@ -17,6 +18,23 @@ import {
   createRateLimiter,
 } from './common/security/security.module';
 
+function createApiCacheHeaderMiddleware() {
+  return (req: Request, res: Response, next: NextFunction) => {
+    const hasCredentials = Boolean(req.headers.authorization || req.headers['x-api-key']);
+
+    res.setHeader('Vary', 'Authorization, x-api-key');
+
+    if (req.method !== 'GET' || hasCredentials) {
+      res.setHeader('Cache-Control', 'no-store');
+      next();
+      return;
+    }
+
+    res.setHeader('Cache-Control', 'private, max-age=30, stale-while-revalidate=30');
+    next();
+  };
+}
+
 async function bootstrap() {
   // Load environment variables
   const candidates = [
@@ -44,10 +62,16 @@ async function bootstrap() {
   const configService = app.get(ConfigService);
 
   // Security middleware (order matters)
+  const httpAdapter = app.getHttpAdapter().getInstance() as {
+    set?: (setting: string, value: unknown) => void;
+  };
+  httpAdapter.set?.('etag', 'weak');
+
   app.use(createHelmetMiddleware(configService));
   app.use(createCorsOriginValidator(configService));
   app.enableCors(buildCorsOptions(configService));
   app.use(createRateLimiter(configService));
+  app.use(createApiCacheHeaderMiddleware());
 
   // Global prefix
   app.setGlobalPrefix('api');