@travetto/web 6.0.0-rc.6 → 6.0.1

package/README.md

@@ -2,7 +2,7 @@
 <!-- Please modify https://github.com/travetto/travetto/tree/main/module/web/DOC.tsx and execute "npx trv doc" to rebuild -->
 # Web API
 
-## Declarative api for Web Applications with support for the dependency injection.
+## Declarative support creating for Web Applications
 
 **Install: @travetto/web**
 ```bash
@@ -16,11 +16,10 @@ yarn add @travetto/web
 The module provides a declarative API for creating and describing a Web application.  Since the framework is declarative, decorators are used to configure almost everything. The general layout of an application is a collection of [@Controller](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/controller.ts#L9)s that employ some combination of [WebInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/types/interceptor.ts#L15)s to help manage which functionality is executed before the [Endpoint](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/endpoint.ts#L14) code, within the [@Controller](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/controller.ts#L9). This module will look at:
    *  Request/Response Pattern
    *  Defining a [@Controller](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/controller.ts#L9)
-   *  Defining an [Endpoint](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/endpoint.ts#L14)s
-   *  Using [WebInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/types/interceptor.ts#L15)s
+   *  Defining an [Endpoint](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/endpoint.ts#L14)
+   *  Using a [WebInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/types/interceptor.ts#L15)
    *  Creating a Custom [WebInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/types/interceptor.ts#L15)
    *  Cookies
-   *  Error Handling
 
 ## Request/Response Pattern
 Unlike other frameworks (e.g. [express](https://expressjs.com), [fastify](https://www.fastify.io/)), this module takes an approach that is similar to [AWS Lambda](https://aws.amazon.com/lambda/)'s model for requests and responses. What you can see here is that [WebRequest](https://github.com/travetto/travetto/tree/main/module/web/src/types/request.ts#L11) and [WebResponse](https://github.com/travetto/travetto/tree/main/module/web/src/types/response.ts#L3) are very simple objects, with the focus being on the `payload` and `body`.  This is intended to provide maximal compatibility with non-HTTP sources.  The driving goal is to support more than just standard HTTP servers but also allow for seamless integration with tools like event queues, web sockets, etc.
@@ -69,6 +68,8 @@ import { BaseWebMessage } from './message.ts';
 
 export interface WebResponseContext {
   httpStatusCode?: number;
+  isPrivate?: boolean;
+  cacheableAge?: number;
 }
 
 /**
@@ -113,13 +114,13 @@ class SimpleController {
 Once the controller is declared, each method of the controller is a candidate for being an endpoint.  By design, everything is asynchronous, and so async/await is natively supported. 
 
 The most common pattern is to register HTTP-driven endpoints.  The HTTP methods that are currently supported:
-   *  [@Get](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/endpoint.ts#L43)
-   *  [@Post](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/endpoint.ts#L50)
-   *  [@Put](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/endpoint.ts#L57)
-   *  [@Delete](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/endpoint.ts#L70)
-   *  [@Patch](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/endpoint.ts#L64)
-   *  [@Head](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/endpoint.ts#L76)
-   *  [@Options](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/endpoint.ts#L82)
+   *  [@Get](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/endpoint.ts#L42)
+   *  [@Post](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/endpoint.ts#L49)
+   *  [@Put](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/endpoint.ts#L56)
+   *  [@Delete](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/endpoint.ts#L69)
+   *  [@Patch](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/endpoint.ts#L63)
+   *  [@Head](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/endpoint.ts#L75)
+   *  [@Options](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/endpoint.ts#L81)
 
 Similar to the Controller, each endpoint decorator handles the following config:
    *  `title` - The definition of the endpoint
@@ -250,7 +251,7 @@ class ContextController {
 }
 ```
 
-**Note**: When referencing the [@ContextParam](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/param.ts#L61) values, the contract for idempotency needs to be carefully inspected, if expected. You can see in the example above that the [CacheControl](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/common.ts#L55) decorator is used to ensure that the response is not cached.
+**Note**: When referencing the [@ContextParam](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/param.ts#L61) values, the contract for idempotency needs to be carefully inspected, if expected. You can see in the example above that the [CacheControl](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/common.ts#L48) decorator is used to ensure that the response is not cached.
 
 ### Validating Inputs
 The module provides high level access for [Schema](https://github.com/travetto/travetto/tree/main/module/schema#readme "Data type registry for runtime validation, reflection and binding.") support, via decorators, for validating and typing request inputs. 
@@ -378,7 +379,7 @@ Out of the box, the web framework comes with a few interceptors, and more are co
    1. terminal - Handles once request and response are finished building - [LoggingInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/logging.ts#L28), [RespondInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/respond.ts#L12)
    1. pre-request - Prepares the request for running - [TrustProxyInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/trust-proxy.ts#L23)
    1. request - Handles inbound request, validation, and body preparation - [DecompressInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/decompress.ts#L53), [AcceptInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/accept.ts#L34), [BodyInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/body.ts#L57), [CookieInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/cookie.ts#L60) 
-   1. response - Prepares outbound response - [CompressInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/compress.ts#L50), [CorsInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/cors.ts#L51), [EtagInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/etag.ts#L34), [ResponseCacheInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/response-cache.ts#L30) 
+   1. response - Prepares outbound response - [CompressInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/compress.ts#L50), [CorsInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/cors.ts#L51), [EtagInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/etag.ts#L43), [CacheControlInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/cache-control.ts#L23) 
    1. application - Lives outside of the general request/response behavior, [Web Auth](https://github.com/travetto/travetto/tree/main/module/auth-web#readme "Web authentication integration support for the Travetto framework") uses this for login and logout flows.
 
 ### Packaged Interceptors
@@ -515,7 +516,7 @@ export class WebBodyConfig {
   /**
    * Max body size limit
    */
-  limit: `${number}${'mb' | 'kb' | 'gb' | 'b' | ''}` = '1mb';
+  limit: ByteSizeInput = '1mb';
   /**
    * How to interpret different content types
    */
@@ -556,7 +557,7 @@ export class CompressConfig {
 ```
 
 #### EtagInterceptor
-[EtagInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/etag.ts#L34) by default, will tag all cacheable HTTP responses, when the response value/length is known.  Streams, and other async data sources do not have a pre-defined length, and so are ineligible for etagging.
+[EtagInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/etag.ts#L43) by default, will tag all cacheable HTTP responses, when the response value/length is known.  Streams, and other async data sources do not have a pre-defined length, and so are ineligible for etagging.
 
 **Code: ETag Config**
 ```typescript
@@ -569,9 +570,16 @@ export class EtagConfig {
    * Should we generate a weak etag
    */
   weak?: boolean;
+  /**
+   * Threshold for tagging avoids tagging small responses
+   */
+  minimumSize: ByteSizeInput = '10kb';
 
   @Ignore()
   cacheable?: boolean;
+
+  @Ignore()
+  _minimumSize: number | undefined;
 }
 ```
 
@@ -612,8 +620,12 @@ export class CorsConfig {
 }
 ```
 
-#### ResponseCacheInterceptor
-[ResponseCacheInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/response-cache.ts#L30) by default, disables caching for all GET requests if the response does not include caching headers.  This can be managed by setting `web.getCache.applies: <boolean>` in your config.  This interceptor applies by default.
+#### CacheControlInterceptor
+[CacheControlInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/cache-control.ts#L23) by default, enforces whatever caching policy is established on a given endpoint using the [CacheControl](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/common.ts#L48) decorator.   Additionally, the interceptor retains knowledge if it is running on a private endpoint, or not.  If the endpoint is deemed private it affects the caching header accordingly. If the endpoint directly returns a `Cache-Control` header, that takes precedence and all other logic is ignored. 
+
+This can be managed by setting `web.cache.applies: <boolean>` in your config. 
+
+**Note**: The [Web Auth](https://github.com/travetto/travetto/tree/main/module/auth-web#readme "Web authentication integration support for the Travetto framework") module will mark endpoints as private if they require authentication.
 
 ### Configuring Interceptors
 All framework-provided interceptors, follow the same patterns for general configuration.  This falls into three areas:
@@ -727,7 +739,28 @@ export class SimpleAuthInterceptor implements WebInterceptor {
 ```
 
 ## Cookie Support
-[express](https://expressjs.com)/[koa](https://koajs.com/)/[fastify](https://www.fastify.io/) all have their own cookie implementations that are common for each framework but are somewhat incompatible.  To that end, cookies are supported for every platform, by using [cookies](https://www.npmjs.com/package/cookies).  This functionality is exposed onto the [WebRequest](https://github.com/travetto/travetto/tree/main/module/web/src/types/request.ts#L11) object following the pattern set forth by Koa (this is the library Koa uses).  This choice also enables better security support as we are able to rely upon standard behavior when it comes to cookies, and signing.
+Cookies are a unique element, within the framework, as they sit on the request and response flows.  Ideally we would separate these out, but given the support for key rotation, there is a scenario in which reading a cookie on the request, will result in a cookie needing to be written on the response.  Because of this, cookies are treated as being outside the normal [WebRequest](https://github.com/travetto/travetto/tree/main/module/web/src/types/request.ts#L11) activity, and is exposed as the [@ContextParam](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/param.ts#L61) [CookieJar](https://github.com/travetto/travetto/tree/main/module/web/src/util/cookie.ts#L11).  The [CookieJar](https://github.com/travetto/travetto/tree/main/module/web/src/util/cookie.ts#L11) has a fairly basic contract:
+
+**Code: CookieJar contract**
+```typescript
+export class CookieJar {
+  static parseCookieHeader(header: string): Cookie[];
+  static parseSetCookieHeader(header: string): Cookie;
+  static responseSuffix(c: Cookie): string[];
+  constructor({ keys, ...options }: CookieJarOptions = {});
+  import(cookies: Cookie[]): this;
+  has(name: string, opts: CookieGetOptions = {}): boolean;
+  get(name: string, opts: CookieGetOptions = {}): string | undefined;
+  set(cookie: Cookie): void;
+  getAll(): Cookie[];
+  importCookieHeader(header: string | null | undefined): this;
+  importSetCookieHeader(headers: string[] | null | undefined): this;
+  exportCookieHeader(): string;
+  exportSetCookieHeader(): string[];
+}
+```
+
+`.get()`/`.set()` will be the most commonly used methods, and should align with standard cookie reading/writing behavior.
 
 **Code: Sample Cookie Usage**
 ```typescript
@@ -758,6 +791,3 @@ export class SimpleEndpoints {
   }
 }
 ```
-
-## Full Config
-The entire [WebConfig](https://github.com/travetto/travetto/tree/main/module/web/src/config.ts#L7) which will show the full set of valid configuration parameters for the web module.

package/__index__.ts

@@ -31,7 +31,7 @@ export * from './src/interceptor/compress.ts';
 export * from './src/interceptor/context.ts';
 export * from './src/interceptor/decompress.ts';
 export * from './src/interceptor/etag.ts';
-export * from './src/interceptor/response-cache.ts';
+export * from './src/interceptor/cache-control.ts';
 export * from './src/interceptor/logging.ts';
 export * from './src/interceptor/respond.ts';
 export * from './src/interceptor/trust-proxy.ts';

package/package.json

@@ -1,10 +1,9 @@
 {
   "name": "@travetto/web",
-  "version": "6.0.0-rc.6",
-  "description": "Declarative api for Web Applications with support for the dependency injection.",
+  "version": "6.0.1",
+  "description": "Declarative support creating for Web Applications",
   "keywords": [
     "web",
-    "dependency-injection",
     "decorators",
     "travetto",
     "typescript"
@@ -26,12 +25,12 @@
     "directory": "module/web"
   },
   "dependencies": {
-    "@travetto/config": "^6.0.0-rc.2",
-    "@travetto/context": "^6.0.0-rc.2",
-    "@travetto/di": "^6.0.0-rc.2",
-    "@travetto/registry": "^6.0.0-rc.2",
-    "@travetto/runtime": "^6.0.0-rc.2",
-    "@travetto/schema": "^6.0.0-rc.2",
+    "@travetto/config": "^6.0.0",
+    "@travetto/context": "^6.0.0",
+    "@travetto/di": "^6.0.0",
+    "@travetto/registry": "^6.0.0",
+    "@travetto/runtime": "^6.0.0",
+    "@travetto/schema": "^6.0.0",
     "@types/fresh": "^0.5.2",
     "@types/keygrip": "^1.0.6",
     "@types/negotiator": "^0.6.3",
@@ -41,9 +40,9 @@
     "negotiator": "^1.0.0"
   },
   "peerDependencies": {
-    "@travetto/cli": "^6.0.0-rc.3",
-    "@travetto/test": "^6.0.0-rc.3",
-    "@travetto/transformer": "^6.0.0-rc.3"
+    "@travetto/cli": "^6.0.0",
+    "@travetto/test": "^6.0.1",
+    "@travetto/transformer": "^6.0.0"
   },
   "peerDependenciesMeta": {
     "@travetto/transformer": {

package/src/decorator/common.ts

@@ -1,10 +1,9 @@
-import { asConstructable, castTo, Class, TimeSpan } from '@travetto/runtime';
+import { asConstructable, castTo, Class, TimeSpan, TimeUtil } from '@travetto/runtime';
 
 import { ControllerRegistry } from '../registry/controller.ts';
 import { EndpointConfig, ControllerConfig, DescribableConfig, EndpointDecorator, EndpointFunctionDescriptor } from '../registry/types.ts';
 import { AcceptInterceptor } from '../interceptor/accept.ts';
 import { WebInterceptor } from '../types/interceptor.ts';
-import { WebCommonUtil, CacheControlFlag } from '../util/common.ts';
 
 function register(config: Partial<EndpointConfig | ControllerConfig>): EndpointDecorator {
   return function <T>(target: T | Class<T>, property?: string, descriptor?: EndpointFunctionDescriptor) {
@@ -40,27 +39,25 @@ export function SetHeaders(headers: EndpointConfig['responseHeaders']): Endpoint
  */
 export function Produces(mime: string): EndpointDecorator { return SetHeaders({ 'Content-Type': mime }); }
 
-/**
- * Specifies if endpoint should be conditional
- */
-export function ConditionalRegister(handler: () => (boolean | Promise<boolean>)): EndpointDecorator {
-  return register({ conditional: handler });
-}
+type CacheControlInput = { cacheableAge?: number | TimeSpan, isPrivate?: boolean };
 
 /**
  * Set the max-age of a response based on the config
  * @param value The value for the duration
- * @param unit The unit of measurement
  */
-export function CacheControl(value: number | TimeSpan, flags: CacheControlFlag[] = []): EndpointDecorator {
-  return SetHeaders({ 'Cache-Control': WebCommonUtil.getCacheControlValue(value, flags) });
+export function CacheControl(input: TimeSpan | number | CacheControlInput, extra?: Omit<CacheControlInput, 'cacheableAge'>): EndpointDecorator {
+  if (typeof input === 'string' || typeof input === 'number') {
+    input = { ...extra, cacheableAge: input };
+  }
+  const { cacheableAge, isPrivate } = input;
+  return register({
+    responseContext: {
+      ...(cacheableAge !== undefined ? { cacheableAge: TimeUtil.asSeconds(cacheableAge) } : {}),
+      ...isPrivate !== undefined ? { isPrivate } : {}
+    }
+  });
 }
 
-/**
- * Disable cache control, ensuring endpoint will not cache
- */
-export const DisableCacheControl = (): EndpointDecorator => CacheControl(0);
-
 /**
  * Define an endpoint to support specific input types
  * @param types The list of mime types to allow/deny
@@ -79,6 +76,13 @@ export function Accepts(types: [string, ...string[]]): EndpointDecorator {
 export const ConfigureInterceptor =
   ControllerRegistry.createInterceptorConfigDecorator.bind(ControllerRegistry);
 
+/**
+ * Specifies if endpoint should be conditional
+ */
+export function ConditionalRegister(handler: () => (boolean | Promise<boolean>)): EndpointDecorator {
+  return register({ conditional: handler });
+}
+
 /**
  * Registers an interceptor exclusion filter
  */

package/src/decorator/endpoint.ts

@@ -20,7 +20,6 @@ export function Endpoint(config: EndpointDecConfig): EndpointFunctionDecorator {
   };
 }
 
-
 function HttpEndpoint(method: HttpMethod, path: string): EndpointFunctionDecorator {
   const { body: allowsBody, cacheable, emptyStatusCode } = HTTP_METHODS[method];
   return Endpoint({

package/src/interceptor/body.ts

@@ -9,7 +9,7 @@ import { WebInterceptorCategory } from '../types/core.ts';
 import { WebInterceptor, WebInterceptorContext } from '../types/interceptor.ts';
 
 import { WebBodyUtil } from '../util/body.ts';
-import { WebCommonUtil } from '../util/common.ts';
+import { ByteSizeInput, WebCommonUtil } from '../util/common.ts';
 
 import { AcceptInterceptor } from './accept.ts';
 import { DecompressInterceptor } from './decompress.ts';
@@ -35,7 +35,7 @@ export class WebBodyConfig {
   /**
    * Max body size limit
    */
-  limit: `${number}${'mb' | 'kb' | 'gb' | 'b' | ''}` = '1mb';
+  limit: ByteSizeInput = '1mb';
   /**
    * How to interpret different content types
    */

package/src/interceptor/cache-control.ts

@@ -0,0 +1,58 @@
+import { Injectable, Inject } from '@travetto/di';
+import { Config } from '@travetto/config';
+
+import { WebChainedContext } from '../types/filter.ts';
+import { WebInterceptor, WebInterceptorContext } from '../types/interceptor.ts';
+import { WebInterceptorCategory } from '../types/core.ts';
+import { WebResponse } from '../types/response.ts';
+
+import { EtagInterceptor } from './etag.ts';
+
+@Config('web.cache')
+export class CacheControlConfig {
+  /**
+   * Generate response cache headers
+   */
+  applies = true;
+}
+
+/**
+ * Determines if we should cache all get requests
+ */
+@Injectable()
+export class CacheControlInterceptor implements WebInterceptor {
+
+  category: WebInterceptorCategory = 'response';
+  dependsOn = [EtagInterceptor];
+
+  @Inject()
+  config: CacheControlConfig;
+
+  applies({ config, endpoint }: WebInterceptorContext<CacheControlConfig>): boolean {
+    return config.applies && endpoint.cacheable;
+  }
+
+  async filter({ next }: WebChainedContext<CacheControlConfig>): Promise<WebResponse> {
+    const response = await next();
+    if (!response.headers.has('Cache-Control')) {
+      const parts: string[] = [];
+      if (response.context.isPrivate !== undefined) {
+        parts.push(response.context.isPrivate ? 'private' : 'public');
+      }
+      if (response.context.cacheableAge !== undefined) {
+        parts.push(
+          ...(response.context.cacheableAge <= 0 ?
+            ['no-store', 'max-age=0'] :
+            [`max-age=${response.context.cacheableAge}`]
+          )
+        );
+      } else if (response.context.isPrivate) { // If private, but no age, don't store
+        parts.push('no-store');
+      }
+      if (parts.length) {
+        response.headers.set('Cache-Control', parts.join(','));
+      }
+    }
+    return response;
+  }
+}

package/src/interceptor/etag.ts

@@ -4,6 +4,7 @@ import fresh from 'fresh';
 import { Injectable, Inject } from '@travetto/di';
 import { Config } from '@travetto/config';
 import { Ignore } from '@travetto/schema';
+import { BinaryUtil } from '@travetto/runtime';
 
 import { WebChainedContext } from '../types/filter.ts';
 import { WebResponse } from '../types/response.ts';
@@ -11,6 +12,7 @@ import { WebInterceptor, WebInterceptorContext } from '../types/interceptor.ts';
 import { WebInterceptorCategory } from '../types/core.ts';
 import { CompressInterceptor } from './compress.ts';
 import { WebBodyUtil } from '../util/body.ts';
+import { ByteSizeInput, WebCommonUtil } from '../util/common.ts';
 
 @Config('web.etag')
 export class EtagConfig {
@@ -22,9 +24,16 @@ export class EtagConfig {
    * Should we generate a weak etag
    */
   weak?: boolean;
+  /**
+   * Threshold for tagging avoids tagging small responses
+   */
+  minimumSize: ByteSizeInput = '10kb';
 
   @Ignore()
   cacheable?: boolean;
+
+  @Ignore()
+  _minimumSize: number | undefined;
 }
 
 /**
@@ -52,21 +61,32 @@ export class EtagInterceptor implements WebInterceptor {
   addTag(ctx: WebChainedContext<EtagConfig>, response: WebResponse): WebResponse {
     const { request } = ctx;
 
-    const statusCode = response.context.httpStatusCode;
+    const statusCode = response.context.httpStatusCode ?? 200;
 
-    if (statusCode && (statusCode >= 300 && statusCode !== 304)) {
+    if (
+      (statusCode >= 300 && statusCode !== 304) || // Ignore redirects
+      BinaryUtil.isReadableStream(response.body) // Ignore streams (unknown length)
+    ) {
       return response;
     }
 
     const binaryResponse = new WebResponse({ ...response, ...WebBodyUtil.toBinaryMessage(response) });
-    if (!Buffer.isBuffer(binaryResponse.body)) {
+
+    const body = binaryResponse.body;
+    if (!Buffer.isBuffer(body)) {
+      return binaryResponse;
+    }
+
+    const minSize = ctx.config._minimumSize ??= WebCommonUtil.parseByteSize(ctx.config.minimumSize);
+    if (body.length < minSize) {
       return binaryResponse;
     }
 
-    const tag = this.computeTag(binaryResponse.body);
+    const tag = this.computeTag(body);
     binaryResponse.headers.set('ETag', `${ctx.config.weak ? 'W/' : ''}"${tag}"`);
 
-    if (ctx.config.cacheable &&
+    if (
+      ctx.config.cacheable &&
       fresh({
         'if-modified-since': request.headers.get('If-Modified-Since')!,
         'if-none-match': request.headers.get('If-None-Match')!,
@@ -76,7 +96,12 @@ export class EtagInterceptor implements WebInterceptor {
         'last-modified': binaryResponse.headers.get('Last-Modified')!
       })
     ) {
-      return new WebResponse({ context: { httpStatusCode: 304 } });
+      // Remove length for the 304
+      binaryResponse.headers.delete('Content-Length');
+      return new WebResponse({
+        context: { ...response.context, httpStatusCode: 304 },
+        headers: binaryResponse.headers
+      });
     }
 
     return binaryResponse;

package/src/registry/controller.ts

@@ -50,6 +50,7 @@ class $ControllerRegistry extends MetadataRegistry<ControllerConfig, EndpointCon
       externalName: cls.name.replace(/(Controller|Web|Service)$/, ''),
       endpoints: [],
       contextParams: {},
+      responseHeaders: {}
     };
   }
 
@@ -68,7 +69,8 @@ class $ControllerRegistry extends MetadataRegistry<ControllerConfig, EndpointCon
       interceptorConfigs: [],
       name: endpoint.name,
       endpoint,
-      responseHeaderMap: new WebHeaders(),
+      responseHeaders: {},
+      finalizedResponseHeaders: new WebHeaders(),
       responseFinalizer: undefined
     };
 
@@ -199,7 +201,7 @@ class $ControllerRegistry extends MetadataRegistry<ControllerConfig, EndpointCon
    * @param src Root describable (controller, endpoint)
    * @param dest Target (controller, endpoint)
    */
-  mergeDescribable(src: Partial<ControllerConfig | EndpointConfig>, dest: Partial<ControllerConfig | EndpointConfig>): void {
+  mergeCommon(src: Partial<ControllerConfig | EndpointConfig>, dest: Partial<ControllerConfig | EndpointConfig>): void {
     dest.filters = [...(dest.filters ?? []), ...(src.filters ?? [])];
     dest.interceptorConfigs = [...(dest.interceptorConfigs ?? []), ...(src.interceptorConfigs ?? [])];
     dest.interceptorExclude = dest.interceptorExclude ?? src.interceptorExclude;
@@ -207,6 +209,7 @@ class $ControllerRegistry extends MetadataRegistry<ControllerConfig, EndpointCon
     dest.description = src.description || dest.description;
     dest.documented = src.documented ?? dest.documented;
     dest.responseHeaders = { ...src.responseHeaders, ...dest.responseHeaders };
+    dest.responseContext = { ...src.responseContext, ...dest.responseContext };
   }
 
   /**
@@ -231,7 +234,7 @@ class $ControllerRegistry extends MetadataRegistry<ControllerConfig, EndpointCon
       srcConf.path = `/${srcConf.path}`;
     }
 
-    this.mergeDescribable(config, srcConf);
+    this.mergeCommon(config, srcConf);
 
     return descriptor;
   }
@@ -252,7 +255,7 @@ class $ControllerRegistry extends MetadataRegistry<ControllerConfig, EndpointCon
     srcConf.contextParams = { ...srcConf.contextParams, ...config.contextParams };
 
 
-    this.mergeDescribable(config, srcConf);
+    this.mergeCommon(config, srcConf);
   }
 
   /**
@@ -266,7 +269,8 @@ class $ControllerRegistry extends MetadataRegistry<ControllerConfig, EndpointCon
       this.#endpointsById.set(ep.id, ep);
       // Store full path from base for use in other contexts
       ep.fullPath = `/${final.basePath}/${ep.path}`.replace(/[/]{1,4}/g, '/').replace(/(.)[/]$/, (_, a) => a);
-      ep.responseHeaderMap = new WebHeaders({ ...final.responseHeaders ?? {}, ...ep.responseHeaders ?? {} });
+      ep.finalizedResponseHeaders = new WebHeaders({ ...final.responseHeaders, ...ep.responseHeaders });
+      ep.responseContext = { ...final.responseContext, ...ep.responseContext };
     }
 
     if (this.has(final.basePath)) {

package/src/registry/types.ts

@@ -5,7 +5,7 @@ import type { WebInterceptor } from '../types/interceptor.ts';
 import type { WebChainedFilter, WebFilter } from '../types/filter.ts';
 import { HttpMethod } from '../types/core.ts';
 import { WebHeaders } from '../types/headers.ts';
-import { WebResponse } from '../types/response.ts';
+import { WebResponse, WebResponseContext } from '../types/response.ts';
 import { WebRequest } from '../types/request.ts';
 
 export type EndpointFunction = TypedFunction<Any, unknown>;
@@ -78,6 +78,10 @@ interface CoreConfig {
    * Response headers
    */
   responseHeaders?: Record<string, string>;
+  /**
+   * Partial response context
+   */
+  responseContext?: Partial<WebResponseContext>;
 }
 
 /**
@@ -167,14 +171,14 @@ export interface EndpointConfig extends CoreConfig, DescribableConfig {
    * Full path including controller
    */
   fullPath: string;
-  /**
-   * Response header map
-   */
-  responseHeaderMap: WebHeaders;
   /**
    * Response finalizer
    */
   responseFinalizer?: (res: WebResponse) => WebResponse;
+  /**
+   * Response headers finalized
+   */
+  finalizedResponseHeaders: WebHeaders;
 }
 
 /**

package/src/types/response.ts

@@ -2,6 +2,8 @@ import { BaseWebMessage } from './message.ts';
 
 export interface WebResponseContext {
   httpStatusCode?: number;
+  isPrivate?: boolean;
+  cacheableAge?: number;
 }
 
 /**

package/src/util/common.ts

@@ -1,17 +1,15 @@
-import { AppError, ErrorCategory, TimeSpan, TimeUtil } from '@travetto/runtime';
+import { AppError, ErrorCategory } from '@travetto/runtime';
 
 import { WebResponse } from '../types/response.ts';
 import { WebRequest } from '../types/request.ts';
+import { WebError } from '../types/error.ts';
 
 type List<T> = T[] | readonly T[];
 type OrderedState<T> = { after?: List<T>, before?: List<T>, key: T };
 
 const WebRequestParamsSymbol = Symbol();
 
-export type CacheControlFlag =
-  'must-revalidate' | 'public' | 'private' | 'no-cache' |
-  'no-store' | 'no-transform' | 'proxy-revalidate' | 'immutable' |
-  'must-understand' | 'stale-if-error' | 'stale-while-revalidate';
+export type ByteSizeInput = `${number}${'mb' | 'kb' | 'gb' | 'b' | ''}` | number;
 
 /**
  * Mapping from error category to standard http error codes
@@ -103,7 +101,7 @@ export class WebCommonUtil {
         new AppError(err.message, { details: err }) :
         new AppError(`${err}`);
 
-    const error: Error & { category?: ErrorCategory, details?: { statusCode: number } } = body;
+    const error: Error & Partial<WebError> = body;
     const statusCode = error.details?.statusCode ?? ERROR_CATEGORY_STATUS[error.category!] ?? 500;
 
     return new WebResponse({ body, context: { httpStatusCode: statusCode } });
@@ -123,19 +121,13 @@ export class WebCommonUtil {
     request[WebRequestParamsSymbol] ??= params;
   }
 
-  /**
-   * Get a cache control value
-   */
-  static getCacheControlValue(value: number | TimeSpan, flags: CacheControlFlag[] = []): string {
-    const delta = TimeUtil.asSeconds(value);
-    const finalFlags = delta === 0 ? ['no-cache'] : flags;
-    return [...finalFlags, `max-age=${delta}`].join(',');
-  }
-
   /**
    * Parse byte size
    */
-  static parseByteSize(input: `${number}${'mb' | 'kb' | 'gb' | 'b' | ''}`): number {
+  static parseByteSize(input: ByteSizeInput): number {
+    if (typeof input === 'number') {
+      return input;
+    }
     const [, num, unit] = input.toLowerCase().split(/(\d+)/);
     return parseInt(num, 10) * (this.#unitMapping[unit] ?? 1);
   }

package/src/util/endpoint.ts

@@ -143,10 +143,15 @@ export class EndpointUtil {
     try {
       const params = await this.extractParameters(endpoint, request);
       const body = await endpoint.endpoint.apply(endpoint.instance, params);
-      const headers = endpoint.responseHeaderMap;
-      const response = body instanceof WebResponse ? body : new WebResponse({ body, headers });
-      if (response === body) {
-        for (const [k, v] of headers) { response.headers.setIfAbsent(k, v); }
+      const headers = endpoint.finalizedResponseHeaders;
+      let response: WebResponse;
+      if (body instanceof WebResponse) {
+        for (const [k, v] of headers) { body.headers.setIfAbsent(k, v); }
+        // Rewrite context
+        Object.assign(body.context, { ...endpoint.responseContext, ...body.context });
+        response = body;
+      } else {
+        response = new WebResponse({ body, headers, context: { ...endpoint.responseContext } });
       }
       return endpoint.responseFinalizer?.(response) ?? response;
     } catch (err) {

package/support/transformer.web.ts

@@ -56,7 +56,7 @@ export class WebTransformer {
       config.name = '';
     }
 
-    if (paramType.key === 'managed') {
+    if (paramType.key === 'managed' && paramType.importName.startsWith('@travetto/')) {
       if (paramType.name === 'WebResponse') {
         throw new Error(`${paramType.name} must be registered using @ContextParam`);
       } else if (paramType.name === 'WebRequest') {

package/src/interceptor/response-cache.ts

@@ -1,47 +0,0 @@
-import { Injectable, Inject } from '@travetto/di';
-import { Config } from '@travetto/config';
-
-import { WebChainedContext } from '../types/filter.ts';
-import { WebInterceptor, WebInterceptorContext } from '../types/interceptor.ts';
-import { WebInterceptorCategory } from '../types/core.ts';
-import { WebResponse } from '../types/response.ts';
-
-import { WebCommonUtil } from '../util/common.ts';
-
-import { EtagInterceptor } from './etag.ts';
-
-@Config('web.cache')
-export class ResponseCacheConfig {
-  /**
-   * Generate response cache headers
-   */
-  applies = true;
-
-  /**
-   * Determines how we cache
-   */
-  mode: 'allow' | 'deny' = 'deny';
-}
-
-/**
- * Determines if we should cache all get requests
- */
-@Injectable()
-export class ResponseCacheInterceptor implements WebInterceptor {
-
-  category: WebInterceptorCategory = 'response';
-  dependsOn = [EtagInterceptor];
-
-  @Inject()
-  config: ResponseCacheConfig;
-
-  applies({ config, endpoint }: WebInterceptorContext<ResponseCacheConfig>): boolean {
-    return !!endpoint.cacheable && config.applies && config.mode === 'deny';
-  }
-
-  async filter({ next }: WebChainedContext<ResponseCacheConfig>): Promise<WebResponse> {
-    const response = await next();
-    response.headers.setIfAbsent('Cache-Control', WebCommonUtil.getCacheControlValue(0));
-    return response;
-  }
-}