fix: cache public assets and safe SWR APIs at the edge

[kasperpawlowski]

Summary

• Add current Nuxt route rules for long-lived static assets and selected public/SWR API responses.
• Narrow reward proxy edge caching to shared endpoints only, leaving account-specific reward and proof paths uncached.
• Keep cache protection layered: one Nitro plugin forces no-store on error responses, while a separate sensitive-route plugin forces no-store for live/account-specific routes, including trailing-slash variants.

Safety

• HTML and unknown routes still fall through to strict no-store headers.
• Geo-blocked and upstream error responses are explicitly protected from public CDN caching.
• User-specific reward/proof routes remain no-store at both browser and edge layers, including normalized trailing-slash paths.

Validation

• npx eslint nuxt.config.ts server/plugins/cache-error-responses.ts server/plugins/sensitive-route-cache.ts server/utils/cache-headers.ts tests/server/cache-error-responses.test.ts tests/server/sensitive-route-cache.test.ts
• npm run test:run -- tests/server/cache-error-responses.test.ts tests/server/sensitive-route-cache.test.ts
• git diff --check
• npm run build
• Built-server smoke on 127.0.0.1:3027 for trailing-slash sensitive reward routes returning Cache-Control, CDN-Cache-Control, and Cloudflare-CDN-Cache-Control as no-store.

Summary by CodeRabbit

• New Features
  • Improved caching for static assets and select public data endpoints, which should make pages load faster and reduce repeated requests.
  • Added stronger browser/CDN caching for version-stable resources like app assets, fonts, images, and some content collections.
  • Introduced targeted edge caching for certain APIs, helping responses stay fresher while improving performance.
• Bug Fixes
  • Tightened no-cache handling for sensitive and live data routes to avoid serving stale content where it matters.

[railway-app]

🚅 Deployed to the euler-lite-pr-497 environment in euler-lite

Service	Status	Web	Updated (UTC)
dev-build	✅ Success (View Logs)	Web	Jun 26, 2026 at 2:22 pm

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository: euler-xyz/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 0ee6a02a-e47f-437e-8516-852e4201299b

📥 Commits

Reviewing files that changed from the base of the PR and between cf7e948 and a171e36.

📒 Files selected for processing (1)

• nuxt.config.ts

💤 Files with no reviewable changes (1)

• nuxt.config.ts

---

📝 Walkthrough

Walkthrough

The PR expands nuxt.config.ts caching configuration to add explicit CDN/browser cache headers for static assets and multiple API route families with SWR-compatible edge caching, while maintaining no-store for HTML and unmatched routes.

Changes

Cache Configuration Rules

Layer / File(s)	Summary
Static asset caching rules nuxt.config.ts	_nuxt/**, /fonts/**, /logo.svg, /logo.png, /manifest-img.png, /entities/**, /oracles/**, /favicons/**, and /sounds/** use explicit long-lived cache headers.
API route caching and non-caching boundary nuxt.config.ts	Multiple API families (/api/vaults, /api/public/**, /api/labels/**, /api/euler-chains, /api/proxy/..., /api/token-list, /api/tos) apply SWR-compatible edge caching; the fallback comment now lists HTML and sensitive live routes as non-cacheable.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• euler-xyz/euler-lite#218: Both PRs modify nuxt.config.ts's nitro.routeRules to manage Cache-Control behavior; this PR expands on the basic caching strategy with detailed asset and API-specific rules.

Poem

🐰 Cache rules now clear, from font to vault,
Static assets rest without fault,
APIs dance with SWR delight,
HTML stays fresh, no stale bytes to fight,
Edge and browser sing in sync tonight! 🚀

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: edge caching for public assets and selected safe SWR APIs.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/edge-cache-route-rules

---

_{Comment @coderabbitai help to get the list of available commands.}

[LeonardEulerXYZ]

Leonard review — PR #497

Verdict: COMMENT — no blocking findings found.

Reviewed head: 962946c4cd0796fcc424848b37d0770007725737

Scope reviewed:

• nuxt.config.ts route rules for static assets, public/SWR API paths, and strict fallback no-store.
• server/plugins/cache-error-responses.ts no-store guard for error responses and sensitive/live paths.
• tests/server/cache-error-responses.test.ts coverage for error and sensitive-path behavior.
• Existing reward/public API handlers around the newly cached paths, to check that user/account-specific endpoints remain outside the edge-cache set.

Validation performed:

• npx eslint nuxt.config.ts server/plugins/cache-error-responses.ts tests/server/cache-error-responses.test.ts
• npm run test:run -- tests/server/cache-error-responses.test.ts — 11 tests passed.
• npm run build — completed successfully.
• git diff --check
• Built-server API/header smoke:
  • / remains no-store.
  • /logo.svg and /favicons/favicon.ico receive public static-asset cache headers.
  • /api/token-list?chainId=1, /api/euler-chains, and /api/public/metadata?... receive the intended browser cache + CDN SWR headers locally.
  • Invalid /api/token-list?... error responses are forced back to no-store.
  • /api/screen-address and /api/rpc/1 remain no-store.
• Railway preview spot-check confirmed the same browser-facing Cache-Control behavior for representative HTML/static/API/error paths. CDN-specific headers are not visible on that preview host, so I treated the local Nitro build as the source for those origin headers.
• Light headed Chromium/Xvfb desktop + mobile load smoke of / confirmed the app shell renders. Browser smoke only; no wallet/signing coverage.

Scalability / maintainability hygiene pass:

• The change is centralized in route rules plus one Nitro guard plugin rather than one-off per-handler patches.
• I checked sibling public API and reward proxy handlers against the cache boundary: public list-style endpoints are explicitly cached; account/proof/subgraph/RPC/Tenderly/screening paths remain on fallback or plugin-enforced no-store.
• No missed sibling route or duplicated old behavior found. The remaining repeated cache-header literals in nuxt.config.ts are verbose but localized configuration, not a correctness issue in this PR.

Bot feedback reviewed:

• No active inline CodeRabbit findings were present.
• CodeRabbit's walkthrough uses some stale/imprecise route names for the rewards/intrinsic-APY surface, but I did not find an actionable code issue behind that wording.

Screenshots:

• Not posted; this PR changes cache/header behavior rather than a visual UI surface, so API/header smoke was the useful evidence.

[LeonardEulerXYZ]

Leonard review — PR #497

Verdict: COMMENT — no blocking findings found.

Reviewed head: a171e36580226d8268c965e3aaa228f37e480011

Scope reviewed:

• nuxt.config.ts route rules for long-lived public assets, SWR-friendly public APIs, and fallback no-store.
• server/plugins/cache-error-responses.ts, server/plugins/sensitive-route-cache.ts, and server/utils/cache-headers.ts for layered no-store protection on errors and sensitive/live routes.
• Focused tests for error-response and sensitive-path cache behavior.
• Surrounding public/reward/API proxy handlers to verify which endpoints are shared public data versus account-specific or freshness-sensitive data.

Validation performed:

• npx eslint nuxt.config.ts server/plugins/cache-error-responses.ts server/plugins/sensitive-route-cache.ts server/utils/cache-headers.ts tests/server/cache-error-responses.test.ts tests/server/sensitive-route-cache.test.ts — passed.
• npm run test:run -- tests/server/cache-error-responses.test.ts tests/server/sensitive-route-cache.test.ts — 16 tests passed.
• npm run build — passed; only existing bundle/chunk-size style warnings observed.
• git diff --check — passed.
• Local built-server header smoke covered representative static, public, error, and sensitive paths:
  • / stays no-store.
  • /logo.svg and /favicons/favicon.ico receive public static-asset cache headers.
  • /api/euler-chains, /api/public/metadata?chainId=1, and /api/token-list?chainId=1 receive the intended public browser/CDN cache headers.
  • Invalid /api/token-list?chainId=bad is forced to no-store.
  • /api/rpc/1, /api/proxy/subgraph/1, /api/screen-address, /api/pyth/updates, user Merkl rewards including trailing slash, Fuul claimable rewards, Incentra proofs, and Turtle proof paths are forced to no-store.
  • Shared reward endpoints such as Fuul incentives and Incentra Euler campaigns keep the intended public cache headers.
• Railway preview header smoke confirmed the same representative browser/origin headers for HTML, static, public API, error, RPC, and trailing-slash user Merkl reward paths.
• Light headed Chromium/Xvfb desktop and mobile load smoke of / on the preview confirmed the real app shell renders with no page errors. Browser smoke only; no wallet/signing coverage.

Scalability / maintainability hygiene pass:

• The fix is centralized in route rules plus small Nitro plugins and a shared forceNoStoreCacheHeaders helper, rather than one-off per-handler patches.
• I searched sibling server API handlers that set or depend on cache headers. The cached route set matches the public/list-style handlers; account-specific, proof, RPC, screening, subgraph, Pyth, Tenderly, and Turtle paths remain covered by fallback or plugin-enforced no-store.
• The split of sensitive-route handling into its own plugin is cleaner than overloading the error-response plugin, and the added trailing-slash tests cover the edge that could otherwise leak back to route-rule headers.
• No missed sibling surface found. If this cache matrix grows further, the repeated literal header objects in nuxt.config.ts are a candidate for named constants/table-driven config, but I would not block this PR on that.

Bot/reviewer feedback reviewed:

• No active inline CodeRabbit findings were present on the current head.
• CodeRabbit’s generated summary is broad but non-actionable; I did not find a material bot claim that needs correction.

Screenshots:

• Not posted. This PR changes cache/header behavior rather than a visual UI surface, so API/header smoke is the relevant evidence. Mobile coverage was a headed app-shell load check, not a visual regression pass.