2 files changed, 17 insertions, 8 deletions

diff --git a/middlewares/CacheMiddleware.php b/middlewares/CacheMiddleware.php
index bffde4af..b8a34754 100644
--- a/middlewares/CacheMiddleware.php
+++ b/middlewares/CacheMiddleware.php
@@ -13,7 +13,7 @@ class CacheMiddleware implements Middleware
 
     public function __invoke(Request $request, $next): Response
     {
-        $action = $request->attribute('action');
+        $action = $request->getAttribute('action');
 
         if ($action !== 'DisplayAction') {
             // We only cache DisplayAction (for now)
@@ -43,9 +43,14 @@ class CacheMiddleware implements Middleware
         /** @var Response $response */
         $response = $next($request);
 
-        if (in_array($response->getCode(), [403, 429, 500, 503])) {
+        if ($response->getCode() === 200) {
+            // Do nothing because DisplayAction has already cached this on $cacheKey
+        } elseif (in_array($response->getCode(), [400, 403, 404, 429, 500, 503])) {
             // Cache these responses for about ~10 mins on average
             $this->cache->set($cacheKey, $response, 60 * 5 + rand(1, 60 * 10));
+        } else {
+            // Should never happen
+            $this->cache->set($cacheKey, $response, 60 * 5);
         }
 
         // For 1% of requests, prune cache
diff --git a/middlewares/TokenAuthenticationMiddleware.php b/middlewares/TokenAuthenticationMiddleware.php
index f8234629..31544ab7 100644
--- a/middlewares/TokenAuthenticationMiddleware.php
+++ b/middlewares/TokenAuthenticationMiddleware.php
@@ -10,20 +10,24 @@ class TokenAuthenticationMiddleware implements Middleware
             return $next($request);
         }
 
-        // Always add token to request attribute
-        $request = $request->withAttribute('token', $request->get('token'));
+        $token = $request->get('token');
 
-        if (! $request->attribute('token')) {
+        if (! $token) {
             return new Response(render(__DIR__ . '/../templates/token.html.php', [
-                'message' => 'Missing token',
+                'message'   => 'Missing token',
+                'token'     => '',
             ]), 401);
         }
-        if (! hash_equals(Configuration::getConfig('authentication', 'token'), $request->attribute('token'))) {
+
+        if (! hash_equals(Configuration::getConfig('authentication', 'token'), $token)) {
             return new Response(render(__DIR__ . '/../templates/token.html.php', [
-                'message' => 'Invalid token',
+                'message'   => 'Invalid token',
+                'token'     => $token,
             ]), 401);
         }
 
+        $request = $request->withAttribute('token', $token);
+
         return $next($request);
     }
 }