From cadf7487afa0f107aee2a28d029dd8583a9e1c50 Mon Sep 17 00:00:00 2001
From: Matchu <matchu1993@gmail.com>
Date: Tue, 16 Nov 2021 12:12:51 -0800
Subject: [PATCH] Mark currentUser GQL as non-cacheable

Comments explain most of this! Vercel changed around the Cache-Control headers a bit to always essentially apply max-age:0 when scope:PRIVATE was true.

I'm noticing this isn't *fully* working yet though, because we're not getting a `Cache-Control: private` header, we're just getting no header at all. Fastly might aggressively choose to cache it anyway with etag stuff! I bet that's the fault of our caching middleware plugin thing, so I'll check on that!
---
 src/server/types/User.js | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/server/types/User.js b/src/server/types/User.js
index ac81383..9d40f1e 100644
--- a/src/server/types/User.js
+++ b/src/server/types/User.js
@@ -47,7 +47,20 @@ const typeDefs = gql`
     user(id: ID!): User
     userByName(name: String!): User
     userByEmail(email: String!, supportSecret: String!): User
-    currentUser: User
+
+    """
+    The currently logged-in user.
+    """
+    # Don't allow caching of *anything* nested inside currentUser, because we
+    # want logins/logouts always reset user data properly.
+    #
+    # TODO: If we wanted to privately cache a currentUser field, we could
+    #       remove the maxAge condition here, and attach user ID to the GraphQL
+    #       request URL when sending auth headers. That way, changing user
+    #       would send different requests and avoid the old cache hits. (But we
+    #       should leave the scope, to emphasize that the CDN cache shouldn't
+    #       cache it.)
+    currentUser: User @cacheControl(maxAge: 0, scope: PRIVATE)
   }
 `;