html2rss
diff --git a/‎app.rb‎
Lines changed: 12 additions & 148 deletions b/‎app.rb‎
Lines changed: 12 additions & 148 deletions
diff --git a/‎app/api_routes.rb‎
Lines changed: 0 additions & 2 deletions b/‎app/api_routes.rb‎
Lines changed: 0 additions & 2 deletions
@@ -14,6 +14,8 @@
 require_relative 'app/response_helpers'
 require_relative 'app/static_file_helpers'
 require_relative 'app/xml_builder'
+require_relative 'app/auto_source_routes'
+require_relative 'app/health_check_routes'
 
 module Html2rss
   module Web
@@ -25,6 +27,8 @@ class App < Roda
       include ApiRoutes
       include ResponseHelpers
       include StaticFileHelpers
+      include AutoSourceRoutes
+      include HealthCheckRoutes
 
       CONTENT_TYPE_RSS = 'application/xml'
 
@@ -108,27 +112,28 @@ def self.production_error_message
 
       plugin :exception_page
       plugin :error_handler do |error|
-        next exception_page(error) if ENV['RACK_ENV'] == 'development'
+        next exception_page(error) if development?
 
         response.status = 500
-        'Internal Server Error'
+        response['Content-Type'] = CONTENT_TYPE_RSS
+        XmlBuilder.build_error_feed(message: error.message)
       end
 
       plugin :public
       plugin :hash_branches
 
-      @show_backtrace = !ENV['CI'].to_s.empty? || (ENV['RACK_ENV'] == 'development')
+      @show_backtrace = !ENV['CI'].to_s.empty? || development?
 
       # API routes
       hash_branch 'api' do |r|
+        response['Content-Type'] = 'application/json'
+
         r.on 'feeds.json' do
-          response['Content-Type'] = 'application/json'
           response['Cache-Control'] = 'public, max-age=300'
           JSON.generate(Feeds.list_feeds)
         end
 
         r.on 'strategies.json' do
-          response['Content-Type'] = 'application/json'
           response['Cache-Control'] = 'public, max-age=3600'
           JSON.generate(ApiRoutes.list_available_strategies)
         end
@@ -147,160 +152,19 @@ def self.production_error_message
 
       # Auto source routes
       hash_branch 'auto_source' do |r|
-        return auto_source_disabled_response unless AutoSource.enabled?
-
-        # New stable feed creation and management
-        r.on 'create' do
-          handle_create_feed(r)
-        end
-
-        r.on 'feeds' do
-          handle_list_feeds(r)
-        end
-
-        # Legacy encoded URL route (for backward compatibility)
-        r.on String do |encoded_url|
-          handle_legacy_auto_source_feed(r, encoded_url)
-        end
+        handle_auto_source_routes(r)
       end
 
       # Health check route
       hash_branch 'health_check.txt' do |r|
-        handle_health_check(r)
+        handle_health_check_routes(r)
       end
 
       route do |r|
         r.public
         r.hash_branches
         handle_static_files(r)
       end
-
-      private
-
-      # Auto source route helpers
-      def auto_source_disabled_response
-        response.status = 400
-        'The auto source feature is disabled.'
-      end
-
-      def handle_stable_feed(router, feed_id)
-        url = router.params['url']
-        feed_token = router.params['token']
-
-        return bad_request_response('URL parameter required') unless url
-        return bad_request_response('URL too long') if url.length > 2048
-        return bad_request_response('Invalid URL format') unless Auth.valid_url?(url)
-
-        return handle_public_feed_access(router, feed_id, feed_token, url) if feed_token
-
-        handle_authenticated_feed_access(router, url)
-      rescue StandardError => error
-        handle_auto_source_error(error)
-      end
-
-      def handle_authenticated_feed_access(router, url)
-        token_data = Auth.authenticate(router)
-        return unauthorized_response unless token_data
-
-        return access_denied_response(url) unless AutoSource.url_allowed_for_token?(token_data, url)
-
-        strategy = router.params['strategy'] || 'ssrf_filter'
-        rss_content = AutoSource.generate_feed_content(url, strategy)
-
-        set_auto_source_headers
-        rss_content.to_s
-      end
-
-      def handle_public_feed_access(router, _feed_id, feed_token, url)
-        # Validate feed token and URL
-        return access_denied_response(url) unless Auth.feed_url_allowed?(feed_token, url)
-
-        strategy = router.params['strategy'] || 'ssrf_filter'
-        rss_content = AutoSource.generate_feed_content(url, strategy)
-
-        set_auto_source_headers
-        rss_content.to_s
-      rescue StandardError => error
-        handle_auto_source_error(error)
-      end
-
-      def handle_create_feed(router)
-        return method_not_allowed_response unless router.post?
-
-        token_data = Auth.authenticate(router)
-        return unauthorized_response unless token_data
-
-        url = router.params['url']
-        return bad_request_response('URL parameter required') unless url
-
-        return access_denied_response(url) unless AutoSource.url_allowed_for_token?(token_data, url)
-
-        create_feed_response(url, token_data, router.params)
-      rescue StandardError => error
-        handle_auto_source_error(error)
-      end
-
-      def create_feed_response(url, token_data, params)
-        name = params['name'] || "Auto-generated feed for #{url}"
-        strategy = params['strategy'] || 'ssrf_filter'
-
-        feed_data = AutoSource.create_stable_feed(name, url, token_data, strategy)
-        return internal_error_response unless feed_data
-
-        response['Content-Type'] = 'application/json'
-        JSON.generate(feed_data)
-      end
-
-      def handle_list_feeds(router)
-        token_data = Auth.authenticate(router)
-        return unauthorized_response unless token_data
-
-        # For stateless system, we can't list feeds without storage
-        # Return empty array for now
-        response['Content-Type'] = 'application/json'
-        JSON.generate([])
-      end
-
-      def handle_legacy_auto_source_feed(router, encoded_url)
-        token_data = AutoSource.authenticate_with_token(router)
-        return unauthorized_response unless token_data
-        return forbidden_origin_response unless AutoSource.allowed_origin?(router)
-
-        process_legacy_auto_source_request(router, encoded_url, token_data)
-      rescue StandardError => error
-        handle_auto_source_error(error)
-      end
-
-      def process_legacy_auto_source_request(router, encoded_url, token_data)
-        decoded_url = validate_and_decode_base64(encoded_url)
-        return bad_request_response('Invalid URL encoding') unless decoded_url
-        return bad_request_response('Invalid URL format') unless Auth.valid_url?(decoded_url)
-        return access_denied_response(decoded_url) unless AutoSource.url_allowed_for_token?(token_data, decoded_url)
-
-        strategy = router.params['strategy'] || 'ssrf_filter'
-        rss_content = AutoSource.generate_feed(encoded_url, strategy)
-        set_auto_source_headers
-        rss_content.to_s
-      end
-
-      def handle_auto_source_error(error)
-        response.status = 500
-        response['Content-Type'] = CONTENT_TYPE_RSS
-        AutoSource.error_feed(error.message)
-      end
-
-      # Health check route helpers
-      def handle_health_check(router)
-        token_data = Auth.authenticate(router)
-        health_check_account = HealthCheck.find_health_check_account
-
-        if token_data && health_check_account && token_data[:token] == health_check_account[:token]
-          response['Content-Type'] = 'text/plain'
-          HealthCheck.run
-        else
-          health_check_unauthorized
-        end
-      end
     end
   end
 end
@@ -32,8 +32,6 @@ def handle_feed_generation(router, feed_name)
       def rss_headers(router)
         router.response['Content-Type'] = 'application/xml'
         router.response['Cache-Control'] = 'public, max-age=3600'
-        router.response['X-Content-Type-Options'] = 'nosniff'
-        router.response['X-XSS-Protection'] = '1; mode=block'
       end
     end
   end