.

Author: gildesmarais

CONFIGURATION.md

@@ -14,10 +14,11 @@
 
 ### Health Check Configuration
 
-| Variable                | Description           | Default        | Example    |
-| ----------------------- | --------------------- | -------------- | ---------- |
-| `HEALTH_CHECK_USERNAME` | Health check username | Auto-generated | `health`   |
-| `HEALTH_CHECK_PASSWORD` | Health check password | Auto-generated | `changeme` |
+| Variable             | Description        | Default     | Example                     |
+| -------------------- | ------------------ | ----------- | --------------------------- |
+| `HEALTH_CHECK_TOKEN` | Health check token | From config | `health-check-token-xyz789` |
+
+**Note:** Health check authentication now uses Bearer token authentication instead of username/password. The token is configured in `config/feeds.yml` under the `health-check` account.
 
 ### Ruby Integration
 

Dockerfile

@@ -45,7 +45,7 @@ ENV PORT=3000 \
 EXPOSE $PORT
 
 HEALTHCHECK --interval=30m --timeout=60s --start-period=5s \
-  CMD curl -f http://${HEALTH_CHECK_USERNAME}:${HEALTH_CHECK_PASSWORD}@localhost:${PORT}/health_check.txt || exit 1
+  CMD curl -f -H "Authorization: Bearer ${HEALTH_CHECK_TOKEN}" http://localhost:${PORT}/health_check.txt || exit 1
 
 ARG USER=html2rss
 ARG UID=991

Gemfile

@@ -12,7 +12,6 @@ gem 'html2rss-configs', github: 'html2rss/html2rss-configs'
 # gem 'html2rss', path: '../html2rss'
 # gem 'html2rss-configs', path: '../html2rss-configs'
 
-gem 'base64'
 gem 'parallel'
 gem 'rack-attack'
 gem 'rack-cache'

Gemfile.lock

@@ -236,7 +236,6 @@ PLATFORMS
   x86_64-linux-musl
 
 DEPENDENCIES
-  base64
   byebug
   climate_control
   html2rss!

README.md

@@ -39,31 +39,72 @@ The application can be configured using environment variables. See the [configur
 - **XML Sanitization**: Prevents XML injection attacks in RSS output
 - **CSP Headers**: Content Security Policy headers prevent XSS attacks
 
+## RESTful API
+
+The application now provides a modern RESTful API v1 that follows industry standards:
+
+- **Resource-based URLs**: `/api/v1/feeds`, `/api/v1/strategies`
+- **HTTP methods**: GET, POST, PUT, DELETE
+- **Proper status codes**: 200, 201, 400, 401, 403, 404, 500
+- **JSON responses**: Consistent response format
+- **Content negotiation**: XML for RSS feeds, JSON for metadata
+- **OpenAPI documentation**: Complete API specification
+
+### Quick Start
+
+```bash
+# List available feeds
+curl "https://your-domain.com/api/v1/feeds"
+
+# Create a new feed
+curl -X POST "https://your-domain.com/api/v1/feeds" \
+  -H "Authorization: Bearer your-token" \
+  -H "Content-Type: application/json" \
+  -d '{"url": "https://example.com", "name": "Example Feed"}'
+
+# Get feed metadata
+curl "https://your-domain.com/api/v1/feeds/example"
+
+# Get RSS content
+curl -H "Accept: application/xml" "https://your-domain.com/api/v1/feeds/example"
+```
+
+### Documentation
+
+- [RESTful API v1 Documentation](docs/api/v1/README.md)
+- [OpenAPI Specification](docs/api/v1/openapi.yaml)
+
 ## Public Feed Access
 
-The application now supports secure public access to RSS feeds without requiring authentication headers. This is perfect for sharing feeds with RSS readers and other applications.
+The application supports secure public access to RSS feeds without requiring authentication headers. This is perfect for sharing feeds with RSS readers and other applications.
 
 ### How It Works
 
-1. **Create a Feed**: Use the auto source feature to generate a feed
+1. **Create a Feed**: Use the RESTful API or auto source feature to generate a feed
 2. **Get Public URL**: The system returns a public URL with an embedded token
 3. **Share the URL**: Anyone can access the feed using this URL
 4. **Secure Access**: The token is cryptographically signed and URL-bound
 
 ### Example
 
 ```bash
-# Create a feed
-curl -X POST "https://your-domain.com/auto_source/create" \
+# Create a feed via RESTful API
+curl -X POST "https://your-domain.com/api/v1/feeds" \
   -H "Authorization: Bearer your-token" \
-  -d "url=https://example.com&name=Example Feed"
+  -H "Content-Type: application/json" \
+  -d '{"url": "https://example.com", "name": "Example Feed"}'
 
 # Response includes public_url
 {
-  "id": "abc123",
-  "name": "Example Feed", 
-  "url": "https://example.com",
-  "public_url": "/feeds/abc123?token=...&url=https%3A%2F%2Fexample.com"
+  "success": true,
+  "data": {
+    "feed": {
+      "id": "abc123",
+      "name": "Example Feed", 
+      "url": "https://example.com",
+      "public_url": "/feeds/abc123?token=...&url=https%3A%2F%2Fexample.com"
+    }
+  }
 }
 
 # Access the feed publicly

app.rb

@@ -13,9 +13,11 @@
 require_relative 'app/feeds'
 require_relative 'app/health_check'
 require_relative 'app/local_config'
-require_relative 'app/response_context'
+require_relative 'app/exceptions'
 require_relative 'app/xml_builder'
 require_relative 'app/security_logger'
+require_relative 'app/api/v1/router'
+require_relative 'app/api/v1/health'
 
 module Html2rss
   module Web
@@ -41,7 +43,17 @@ def development? = self.class.development?
       plugin :error_handler do |error|
         next exception_page(error) if development?
 
-        response.status = 500
+        # Map custom exceptions to HTTP status codes
+        status = case error
+                 when UnauthorizedError then 401
+                 when BadRequestError then 400
+                 when ForbiddenError then 403
+                 when NotFoundError then 404
+                 when MethodNotAllowedError then 405
+                 else 500
+                 end
+
+        response.status = status
         response['Content-Type'] = 'application/xml'
         require_relative 'app/xml_builder'
         XmlBuilder.build_error_feed(message: error.message)
@@ -54,7 +66,12 @@ def development? = self.class.development?
       route do |r|
         r.public
 
-        # API routes
+        # RESTful API v1 routes (must come before legacy routes)
+        r.on 'api', 'v1' do
+          Api::V1::Router.route(r)
+        end
+
+        # Legacy API routes (backward compatibility)
         r.on 'api' do
           r.response['Content-Type'] = 'application/json'
 
@@ -68,7 +85,11 @@ def development? = self.class.development?
             JSON.generate(list_available_strategies)
           end
 
+          # Only match legacy feed names (not v1 paths)
           r.get String do |feed_name|
+            # Skip if this looks like a v1 path
+            next if feed_name.start_with?('v1/')
+
             handle_feed_generation(r, feed_name)
           end
         end
@@ -276,19 +297,28 @@ def handle_authenticated_feed(router)
       end
 
       def handle_health_check(router)
-        health_check_account = HealthCheck.find_health_check_account
-        account = Auth.authenticate(router)
+        # Delegate to V1 API health endpoint to eliminate duplication
+
+        health_response = Api::V1::Health.show(router)
 
-        if account && health_check_account && account[:token] == health_check_account[:token]
+        if health_response[:success] && health_response.dig(:data, :health, :status) == 'healthy'
           router.response['Content-Type'] = 'text/plain'
-          HealthCheck.run
+          'success'
         else
-          router.response.status = 401
-          router.response['WWW-Authenticate'] = 'Bearer realm="Health Check"'
-          router.response['Content-Type'] = 'application/xml'
-          require_relative 'app/xml_builder'
-          XmlBuilder.build_error_feed(message: 'Unauthorized', title: 'Health Check Unauthorized')
+          router.response.status = 500
+          router.response['Content-Type'] = 'text/plain'
+          'health check failed'
         end
+      rescue UnauthorizedError
+        router.response.status = 401
+        router.response['WWW-Authenticate'] = 'Bearer realm="Health Check"'
+        router.response['Content-Type'] = 'application/xml'
+        require_relative 'app/xml_builder'
+        XmlBuilder.build_error_feed(message: 'Unauthorized', title: 'Health Check Unauthorized')
+      rescue StandardError => error
+        router.response.status = 500
+        router.response['Content-Type'] = 'text/plain'
+        "health check error: #{error.message}"
       end
     end
   end

app/api/v1/feeds.rb

@@ -0,0 +1,135 @@
+# frozen_string_literal: true
+
+require_relative '../../auth'
+require_relative '../../auto_source'
+require_relative '../../feeds'
+require_relative '../../xml_builder'
+require_relative '../../exceptions'
+require_relative '../../../helpers/api_response_helpers'
+
+module Html2rss
+  module Web
+    module Api
+      module V1
+        ##
+        # RESTful API v1 for feeds resource
+        # Handles CRUD operations for RSS feeds
+        module Feeds
+          module_function
+
+          ##
+          # List all available feeds
+          # GET /api/v1/feeds
+          # @param request [Roda::Request] request object
+          # @return [Hash] JSON response with feeds list
+          def index(request)
+            feeds = Html2rss::Web::Feeds.list_feeds.map do |feed|
+              {
+                id: feed[:name],
+                name: feed[:name],
+                description: feed[:description],
+                url: "/api/v1/feeds/#{feed[:name]}",
+                created_at: nil, # Static feeds don't have creation time
+                updated_at: nil
+              }
+            end
+
+            ApiResponseHelpers.success_response(
+              { feeds: feeds },
+              { total: feeds.count }
+            )
+          end
+
+          ##
+          # Get a specific feed
+          # GET /api/v1/feeds/{id}
+          # @param request [Roda::Request] request object
+          # @param feed_id [String] feed identifier
+          # @return [Hash] JSON response with feed data or XML feed content
+          def show(request, feed_id)
+            # Check if client wants JSON metadata or XML feed content
+            if json_request?(request)
+              show_feed_metadata(feed_id)
+            else
+              generate_feed_content(request, feed_id)
+            end
+          end
+
+          ##
+          # Create a new feed from URL
+          # POST /api/v1/feeds
+          # @param request [Roda::Request] request object
+          # @return [Hash] JSON response with created feed data
+          def create(request)
+            account = Auth.authenticate(request)
+            raise UnauthorizedError, 'Authentication required' unless account
+
+            url = request.params['url']
+            name = request.params['name'] || extract_site_title(url)
+            strategy = request.params['strategy'] || 'ssrf_filter'
+
+            raise BadRequestError, 'URL parameter is required' unless url
+            raise BadRequestError, 'Invalid URL format' unless Auth.valid_url?(url)
+            raise ForbiddenError, 'URL not allowed for this account' unless Auth.url_allowed?(account, url)
+
+            feed_data = AutoSource.create_stable_feed(name, url, account, strategy)
+            raise InternalServerError, 'Failed to create feed' unless feed_data
+
+            ApiResponseHelpers.success_response({
+                                                  feed: {
+                                                    id: feed_data[:id],
+                                                    name: feed_data[:name],
+                                                    url: feed_data[:url],
+                                                    strategy: feed_data[:strategy],
+                                                    public_url: feed_data[:public_url],
+                                                    created_at: Time.now.iso8601,
+                                                    updated_at: Time.now.iso8601
+                                                  }
+                                                }, { created: true })
+          end
+
+          def json_request?(request)
+            accept_header = request.env['HTTP_ACCEPT'] || ''
+            accept_header.include?('application/json') && !accept_header.include?('application/xml')
+          end
+
+          def show_feed_metadata(feed_id)
+            config = LocalConfig.find(feed_id)
+            raise NotFoundError, 'Feed not found' unless config
+
+            ApiResponseHelpers.success_response({
+                                                  feed: {
+                                                    id: feed_id,
+                                                    name: feed_id,
+                                                    description: "RSS feed for #{feed_id}",
+                                                    url: "/api/v1/feeds/#{feed_id}",
+                                                    strategy: config[:strategy] || 'ssrf_filter',
+                                                    created_at: nil,
+                                                    updated_at: nil
+                                                  }
+                                                })
+          end
+
+          def generate_feed_content(request, feed_id)
+            rss_content = Html2rss::Web::Feeds.generate_feed(feed_id, request.params)
+            config = LocalConfig.find(feed_id)
+            ttl = config&.dig(:channel, :ttl) || 3600
+
+            # Set appropriate headers for XML response
+            request.response['Content-Type'] = 'application/xml'
+            request.response['Cache-Control'] = "public, max-age=#{ttl}"
+
+            # Convert RSS object to string
+            rss_content.to_s
+          end
+
+          def extract_site_title(url)
+            AutoSource.extract_site_title(url)
+          end
+
+          private
+        end
+      end
+    end
+  end
+end