From 09d9fb9f768b52c6bcc756cb7b44c3634fe5ce84 Mon Sep 17 00:00:00 2001 From: shad0w Date: Wed, 24 Jun 2026 10:20:47 +0000 Subject: [PATCH] docs: PDF middleware svc-bypass + per-PO caching (merged #127/#128) --- Deployment-and-Operations.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Deployment-and-Operations.md b/Deployment-and-Operations.md index 6882bf7..e1db046 100644 --- a/Deployment-and-Operations.md +++ b/Deployment-and-Operations.md @@ -63,7 +63,11 @@ defaults (GST/EPFO stay stub-capable; PdfService skips token checks). renders the app's `/api/po//export?…&svc=` page (the token lets it fetch without a user session), uploads the PDF to R2, and the app returns a `mailto:` with a **7-day** presigned link. `APP_INTERNAL_URL` is the URL -PdfService uses to reach the app (defaults to `NEXTAUTH_URL`). +PdfService uses to reach the app (defaults to `NEXTAUTH_URL`). The auth +middleware lets the `svc`-token export request through (`lib/pdf-export-auth.ts` +— without it the unauthenticated render is bounced to `/login`), and the rendered +PDF is **cached per PO** at a deterministic key: repeat sends reuse the stored +copy and only mint a fresh 7-day link, re-rendering only when the PO changed. ## Release & deploy flow