Add offline clip caching

backend/app/routes/auth.py

@@ -23,6 +23,7 @@ from ..auth import (
 )
 from ..config import settings
 from ..database import get_db
+from ..http_cache import set_no_store
 from ..models import UserSession
 from .teamsnap import build_proxy_api_root
 from ..schemas import (
@@ -47,6 +48,7 @@ def teamsnap_start(return_to: str | None = Query(default="/")) -> Response:
         raise HTTPException(status_code=status.HTTP_503_SERVICE_UNAVAILABLE, detail="TeamSnap is not configured")
     state = secrets.token_urlsafe(24)
     response = JSONResponse({"authorize_url": build_teamsnap_authorize_url(state), "state": state})
+    set_no_store(response)
     response.set_cookie(
         settings.auth_return_cookie_name,
         normalize_return_to(return_to),
@@ -73,13 +75,18 @@ async def teamsnap_callback(
     db.commit()
     redirect_target = normalize_return_to(request.cookies.get(settings.auth_return_cookie_name))
     redirect = RedirectResponse(url=redirect_target, status_code=status.HTTP_303_SEE_OTHER)
+    set_no_store(redirect)
     set_session_cookie(redirect, session.session_token)
     redirect.delete_cookie(settings.auth_return_cookie_name)
     return redirect
 
 
 @router.get("/session", response_model=SessionResponse)
-def session_status(session: UserSession | None = Depends(get_current_session)) -> SessionResponse:
+def session_status(
+    response: Response,
+    session: UserSession | None = Depends(get_current_session),
+) -> SessionResponse:
+    set_no_store(response)
     if session is None:
         return SessionResponse(authenticated=False)
     return SessionResponse(
@@ -96,6 +103,7 @@ def session_status(session: UserSession | None = Depends(get_current_session)) -
 @router.post("/teamsnap/token", response_model=TeamSnapTokenResponse)
 async def teamsnap_token(
     request: Request,
+    response: Response,
     session: UserSession = Depends(require_session),
     db: Session = Depends(get_db),
 ) -> TeamSnapTokenResponse:
@@ -115,6 +123,7 @@ async def teamsnap_token(
         db.commit()
         db.refresh(session)
 
+    set_no_store(response)
     return TeamSnapTokenResponse(
         access_token=session.access_token,
         expires_at=session.token_expires_at,
@@ -126,6 +135,7 @@ async def teamsnap_token(
 @router.post("/session/walkup", response_model=SessionResponse)
 def update_walkup_session_selection(
     payload: WalkupSessionSelectionUpdate,
+    response: Response,
     session: UserSession = Depends(require_session),
     db: Session = Depends(get_db),
 ) -> SessionResponse:
@@ -137,6 +147,7 @@ def update_walkup_session_selection(
     db.add(session)
     db.commit()
     db.refresh(session)
+    set_no_store(response)
     return SessionResponse(
         authenticated=True,
         provider=session.provider,
@@ -156,6 +167,7 @@ def admin_login(payload: AdminLoginRequest, response: Response, db: Session = De
     db.add(session)
     db.commit()
     set_session_cookie(response, session.session_token)
+    set_no_store(response)
     return SessionResponse(authenticated=True, provider="local", is_admin=True)
 
 
@@ -169,9 +181,11 @@ def logout(
         db.delete(session)
         db.commit()
     clear_session_cookie(response)
+    set_no_store(response)
     return {"ok": True}
 
 
 @router.get("/admin/check", response_model=SessionResponse)
-def admin_check(_: UserSession = Depends(require_admin)) -> SessionResponse:
+def admin_check(response: Response, _: UserSession = Depends(require_admin)) -> SessionResponse:
+    set_no_store(response)
     return SessionResponse(authenticated=True, provider="local", is_admin=True)