senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(middleware): bypass response cache for range-aware media endpoints

Browse source 
Surfaced by the v1.0.5 browser smoke test. ResponseCache captures the
entire body into a bytes.Buffer, JSON-serializes it (escaping non-UTF-8
bytes), and replays via c.Data for subsequent hits. For audio/video
streams this has two failure modes:

  1. Range headers are never honored — the cache replays the *full body*
     on every request, strips the Accept-Ranges header, and leaves the
     <audio> element unable to seek. The smoke test caught this when a
     `Range: bytes=100-299` request got back 200 OK with 48944 bytes
     instead of 206 Partial Content with 200 bytes.
  2. Non-UTF-8 bytes get escaped through the JSON round-trip (`\uFFFD`
     substitution etc.), corrupting the MP3 payload so even full plays
     can fail mid-stream.

Minimum-invasive fix: skip the cache entirely for any path containing
`/stream`, `/download`, or `/hls/`, and for any request that carries a
`Range` header (belt-and-suspenders for any future media endpoint). All
other anonymous GETs keep their 5-minute TTL.

Verified live: `GET /api/v1/tracks/:id/stream` returns
  - full: 200 OK, Accept-Ranges: bytes, Content-Length matches disk,
    body MD5 matches source file byte-for-byte
  - range: 206 Partial Content, Content-Range: bytes 100-299/48944,
    exactly 200 bytes
Browser <audio> plays end-to-end with currentTime progressing from 0 to
duration and seek to 1.5s succeeding (readyState=4, no error).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
senke 2026-04-16 16:05:21 +02:00
parent 712a0568e3
commit dda71cad80
1 changed files with 19 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
veza-backend-api/internal/middleware/response_cache.go
View file

@ -84,6 +84,25 @@ func ResponseCache(cfg ResponseCacheConfig) gin.HandlerFunc {
return
}
// Skip caching for binary, range-aware media endpoints. Caching these
// strips Accept-Ranges and returns the full body for every request —
// the <audio> element can't seek and the cache also corrupts the
// byte stream when JSON-serializing non-UTF-8 bytes.
path := c.Request.URL.Path
if strings.Contains(path, "/stream") ||
strings.Contains(path, "/download") ||
strings.Contains(path, "/hls/") {
c.Next()
return
}
// Any explicit Range request must go straight to the handler so
// http.ServeContent can honor it.
if c.GetHeader("Range") != "" {
c.Next()
return
}
// Generate cache key from URL + query params
cacheKey := generateCacheKey(cfg.KeyPrefix, c.Request.URL.RequestURI())