clean

Author: gildesmarais

app.rb

@@ -3,6 +3,7 @@
 require 'roda'
 require 'rack/cache'
 require 'json'
+require 'base64'
 
 require 'html2rss'
 require_relative 'app/environment_validator'
@@ -11,6 +12,7 @@
 require_relative 'app/auto_source'
 require_relative 'app/feeds'
 require_relative 'app/health_check'
+require_relative 'app/local_config'
 require_relative 'app/response_context'
 require_relative 'app/xml_builder'
 require_relative 'app/security_logger'
@@ -33,17 +35,73 @@ def development? = self.class.development?
       RodaConfig.configure(self)
 
       plugin :hash_branches
+      plugin :json_parser
+      plugin :public
+      plugin :exception_page
+      plugin :error_handler do |error|
+        next exception_page(error) if development?
 
-      Dir['routes/*.rb'].each { |f| require_relative f }
+        response.status = 500
+        response['Content-Type'] = 'application/xml'
+        require_relative 'app/xml_builder'
+        XmlBuilder.build_error_feed(message: error.message)
+      end
 
-      @show_backtrace = development? && !ENV['CI']
+      # Routes are now defined directly in this file for better clarity
 
-      AppRoutes.load_routes(self)
+      @show_backtrace = development? && !ENV['CI']
 
       route do |r|
         r.public
-        r.hash_branches('')
 
+        # API routes
+        r.on 'api' do
+          r.response['Content-Type'] = 'application/json'
+
+          r.get 'feeds.json' do
+            r.response['Cache-Control'] = 'public, max-age=300'
+            JSON.generate(Feeds.list_feeds)
+          end
+
+          r.get 'strategies.json' do
+            r.response['Cache-Control'] = 'public, max-age=3600'
+            JSON.generate(list_available_strategies)
+          end
+
+          r.get String do |feed_name|
+            handle_feed_generation(r, feed_name)
+          end
+        end
+
+        # Auto source routes
+        r.on 'auto_source' do
+          if AutoSource.enabled?
+            r.post 'create' do
+              handle_create_feed(r)
+            end
+
+            r.get String do |encoded_url|
+              handle_legacy_feed(r, encoded_url)
+            end
+          else
+            r.response.status = 400
+            'Auto source feature is disabled'
+          end
+        end
+
+        # Feed routes
+        r.on 'feeds' do
+          r.get String do |feed_id|
+            handle_stable_feed(r, feed_id)
+          end
+        end
+
+        # Health check
+        r.get 'health_check.txt' do
+          handle_health_check(r)
+        end
+
+        # Root route
         r.root do
           index_path = 'public/frontend/index.html'
           response['Content-Type'] = 'text/html'
@@ -77,6 +135,161 @@ def fallback_html
           </html>
         HTML
       end
+
+      private
+
+      def list_available_strategies
+        strategies = Html2rss::RequestService.strategy_names.map do |name|
+          {
+            name: name.to_s,
+            display_name: name.to_s.split('_').map(&:capitalize).join(' ')
+          }
+        end
+
+        { strategies: strategies }
+      end
+
+      def handle_feed_generation(router, feed_name)
+        rss_content = Feeds.generate_feed(feed_name, router.params)
+        config = LocalConfig.find(feed_name)
+        ttl = config.dig(:channel, :ttl) || 3600
+
+        router.response['Content-Type'] = 'application/xml'
+        router.response['Cache-Control'] = "public, max-age=#{ttl}"
+        rss_content
+      end
+
+      def handle_create_feed(router)
+        account = Auth.authenticate(router)
+        unless account
+          router.response.status = 401
+          return 'Unauthorized'
+        end
+
+        url = router.params['url']
+        unless url && Auth.valid_url?(url)
+          router.response.status = 400
+          return 'Bad Request'
+        end
+
+        unless Auth.url_allowed?(account, url)
+          router.response.status = 403
+          return 'Forbidden'
+        end
+
+        strategy = router.params['strategy'] || 'ssrf_filter'
+        feed_data = AutoSource.create_stable_feed('Generated Feed', url, account, strategy)
+        unless feed_data
+          router.response.status = 500
+          return 'Internal Server Error'
+        end
+
+        router.response['Content-Type'] = 'application/json'
+        JSON.generate(feed_data)
+      end
+
+      def handle_legacy_feed(router, encoded_url)
+        account = Auth.authenticate(router)
+        unless account
+          router.response.status = 401
+          return 'Unauthorized'
+        end
+
+        unless AutoSource.allowed_origin?(router)
+          router.response.status = 403
+          return 'Forbidden'
+        end
+
+        decoded_url = Base64.urlsafe_decode64(encoded_url)
+        unless decoded_url && Auth.valid_url?(decoded_url)
+          router.response.status = 400
+          return 'Bad Request'
+        end
+
+        unless AutoSource.url_allowed_for_token?(account, decoded_url)
+          router.response.status = 403
+          return 'Forbidden'
+        end
+
+        strategy = router.params['strategy'] || 'ssrf_filter'
+        rss_content = AutoSource.generate_feed_content(decoded_url, strategy)
+
+        router.response['Content-Type'] = 'application/xml'
+        rss_content.to_s
+      rescue ArgumentError
+        router.response.status = 400
+        'Bad Request'
+      end
+
+      def handle_stable_feed(router, feed_id)
+        feed_token = router.params['token']
+
+        if feed_token
+          handle_public_feed(router, feed_id, feed_token)
+        else
+          handle_authenticated_feed(router)
+        end
+      end
+
+      def handle_public_feed(router, _feed_id, feed_token)
+        url = router.params['url']
+        unless url && Auth.valid_url?(url)
+          router.response.status = 400
+          return 'Bad Request'
+        end
+
+        unless Auth.feed_url_allowed?(feed_token, url)
+          router.response.status = 403
+          return 'Forbidden'
+        end
+
+        strategy = router.params['strategy'] || 'ssrf_filter'
+        rss_content = AutoSource.generate_feed_content(url, strategy)
+
+        router.response['Content-Type'] = 'application/xml'
+        rss_content.to_s
+      end
+
+      def handle_authenticated_feed(router)
+        account = Auth.authenticate(router)
+        unless account
+          router.response.status = 401
+          return 'Unauthorized'
+        end
+
+        url = router.params['url']
+        unless url && Auth.valid_url?(url)
+          router.response.status = 400
+          return 'Bad Request'
+        end
+
+        unless Auth.url_allowed?(account, url)
+          router.response.status = 403
+          return 'Forbidden'
+        end
+
+        strategy = router.params['strategy'] || 'ssrf_filter'
+        rss_content = AutoSource.generate_feed_content(url, strategy)
+
+        router.response['Content-Type'] = 'application/xml'
+        rss_content.to_s
+      end
+
+      def handle_health_check(router)
+        health_check_account = HealthCheck.find_health_check_account
+        account = Auth.authenticate(router)
+
+        if account && health_check_account && account[:token] == health_check_account[:token]
+          router.response['Content-Type'] = 'text/plain'
+          HealthCheck.run
+        else
+          router.response.status = 401
+          router.response['WWW-Authenticate'] = 'Bearer realm="Health Check"'
+          router.response['Content-Type'] = 'application/xml'
+          require_relative 'app/xml_builder'
+          XmlBuilder.build_error_feed(message: 'Unauthorized', title: 'Health Check Unauthorized')
+        end
+      end
     end
   end
 end

app/roda_config.rb

@@ -104,21 +104,11 @@ def advanced_security_headers
       end
 
       def setup_error_handling(app)
-        app.plugin :exception_page
-        app.plugin :error_handler do |error|
-          next exception_page(error) if app.development?
-
-          response.status = 500
-          response['Content-Type'] = 'application/xml'
-          require_relative 'xml_builder'
-          XmlBuilder.build_error_feed(message: error.message)
-        end
+        # Error handling is now configured directly in app.rb for better clarity
       end
 
       def setup_plugins(app)
-        app.plugin :public
-        app.plugin :hash_branches
-        app.plugin :json_parser # Handle JSON request bodies automatically
+        # Plugins are now configured directly in app.rb for better clarity
       end
     end
   end

frontend/astro.config.mjs

@@ -11,26 +11,11 @@ export default defineConfig({
   vite: {
     server: {
       proxy: {
-        "/api": {
-          target: "http://localhost:3000",
-          changeOrigin: true,
-        },
-        "/auto_source": {
-          target: "http://localhost:3000",
-          changeOrigin: true,
-        },
-        "/feeds": {
-          target: "http://localhost:3000",
-          changeOrigin: true,
-        },
-        "/health_check.txt": {
-          target: "http://localhost:3000",
-          changeOrigin: true,
-        },
-        "/rss.xsl": {
-          target: "http://localhost:3000",
-          changeOrigin: true,
-        },
+        "/api": "http://localhost:3000",
+        "/auto_source": "http://localhost:3000",
+        "/feeds": "http://localhost:3000",
+        "/health_check.txt": "http://localhost:3000",
+        "/rss.xsl": "http://localhost:3000",
       },
     },
   },