Merge pull request #1683 from nextcloud/update-attribute-s

fix: Update attributes

Author: enjeck

appinfo/routes.php

@@ -20,10 +20,15 @@
 		'postfix' => 'welcome',
 	],
 	[
-		'name' => 'page#create',
+		'name' => 'page#createGet', // deprecated, use createPost instead
 		'url' => '/new',
 		'verb' => 'GET',
 	],
+	[
+		'name' => 'page#createPost',
+		'url' => '/new',
+		'verb' => 'POST',
+	],
 	[
 		'name' => 'page#index',
 		'url' => '/note/{id}',

lib/Controller/NotesApiController.php

@@ -298,7 +298,8 @@ public function getAttachment(int $noteid, string $path): Http\Response {
 			$response = new StreamResponse($fileHandle);
 			$response->addHeader('Content-Disposition', 'attachment; filename="' . rawurldecode($targetimage->getName()) . '"');
 			$response->addHeader('Content-Type', $this->mimeTypeDetector->getSecureMimeType($targetimage->getMimeType()));
-			$response->addHeader('Cache-Control', 'public, max-age=604800');
+			$response->addHeader('Vary', 'Authorization, Cookie');
+			$response->cacheFor(3600);
 			return $response;
 		} catch (\Exception $e) {
 			$this->helper->logException($e);

lib/Controller/NotesController.php

@@ -351,7 +351,8 @@ public function getAttachment(int $noteid, string $path): Http\Response {
 				'Content-Type',
 				$this->mimeTypeDetector->getSecureMimeType($targetimage->getMimeType())
 			);
-			$response->addHeader('Cache-Control', 'public, max-age=604800');
+			$response->addHeader('Vary', 'Authorization, Cookie');
+			$response->cacheFor(3600);
 			return $response;
 		} catch (\Exception $e) {
 			$this->helper->logException($e);

lib/Controller/PageController.php

@@ -21,6 +21,7 @@
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
+use OCP\AppFramework\Http\Attribute\UserRateLimit;
 use OCP\AppFramework\Http\ContentSecurityPolicy;
 use OCP\AppFramework\Http\RedirectResponse;
 use OCP\AppFramework\Http\TemplateResponse;
@@ -30,6 +31,7 @@
 use OCP\IRequest;
 use OCP\IURLGenerator;
 use OCP\IUserSession;
+use Psr\Log\LoggerInterface;
 
 class PageController extends Controller {
 	private NotesService $notesService;
@@ -38,6 +40,7 @@ class PageController extends Controller {
 	private IURLGenerator $urlGenerator;
 	private IEventDispatcher $eventDispatcher;
 	private IInitialState $initialState;
+	private LoggerInterface $logger;
 
 	public function __construct(
 		string $AppName,
@@ -48,6 +51,7 @@ public function __construct(
 		IURLGenerator $urlGenerator,
 		IEventDispatcher $eventDispatcher,
 		IInitialState $initialState,
+		LoggerInterface $logger,
 	) {
 		parent::__construct($AppName, $request);
 		$this->notesService = $notesService;
@@ -56,6 +60,7 @@ public function __construct(
 		$this->urlGenerator = $urlGenerator;
 		$this->eventDispatcher = $eventDispatcher;
 		$this->initialState = $initialState;
+		$this->logger = $logger;
 	}
 
 
@@ -102,12 +107,25 @@ public function index() : TemplateResponse {
 	}
 
 	/**
-	 *
+	 * @deprecated Use createPost() instead. This endpoint will be removed in a future version.
 	 */
 	#[NoAdminRequired]
 	#[NoCSRFRequired]
-	public function create() : RedirectResponse {
-		$note = $this->notesService->create($this->userSession->getUser()->getUID(), '', '');
+	#[UserRateLimit(limit: 20, period: 60)]
+	public function createGet() : RedirectResponse {
+		$this->logger->debug('Deprecated GET /new endpoint used', [
+			'user' => $this->userSession->getUser()?->getUID(),
+			'remote_addr' => $this->request->getRemoteAddress(),
+			'user_agent' => $this->request->getHeader('User-Agent')
+		]);
+		return $this->createPost();
+	}
+
+	#[NoAdminRequired]
+	#[NoCSRFRequired]
+	#[UserRateLimit(limit: 20, period: 60)]
+	public function createPost() : RedirectResponse {
+		$note = $this->notesService->create($this->userSession->getUser()?->getUID() ?? '', '', '');
 		$note->setContent('');
 		$url = $this->urlGenerator->linkToRoute('notes.page.indexnote', [ 'id' => $note->getId() ]);
 		return new RedirectResponse($url . '?new');