html2rss
diff --git a/‎CONFIGURATION.md‎
Lines changed: 0 additions & 60 deletions b/‎CONFIGURATION.md‎
Lines changed: 0 additions & 60 deletions
diff --git a/‎README.md‎
Lines changed: 76 additions & 214 deletions b/‎README.md‎
Lines changed: 76 additions & 214 deletions
@@ -2,238 +2,100 @@
 
 # html2rss-web
 
-This web application scrapes websites to build and deliver RSS 2.0 feeds with a modern, responsive interface.
+html2rss-web converts arbitrary websites into RSS 2.0 feeds with a slim Ruby backend and an Astro-powered frontend.
 
-**Features:**
+## Highlights
+- Responsive Astro interface with gallery and custom feed creation.
+- Automatic source discovery with token-scoped permissions.
+- Signed public feed URLs that work in standard RSS readers.
+- Built-in SSRF defences, input validation, and HMAC-protected tokens.
 
-- **Modern UI**: Clean, responsive Astro-based frontend with component architecture
-- **Feed Gallery**: Browse and discover popular RSS feeds
-- **Auto Source**: Generate feeds from any website automatically
-- **Stable URLs**: Provides stable URLs for feeds generated by automatic sourcing
-- **Public Feed Access**: Secure, token-based public access to RSS feeds without authentication headers
-- **Custom Feeds**: [Create your custom feeds](https://html2rss.github.io/web-application/tutorials/building-feeds)!
-- **Pre-built Configs**: Comes with plenty of [included configs](https://html2rss.github.io/web-application/how-to/use-included-configs)
-- **Performance**: Handles request caching and sets caching-related HTTP headers
-- **Progressive Enhancement**: Works without JavaScript, enhanced with modern features
-- **Security**: URL restrictions, authentication, SSRF protection, and input validation
+## Architecture
+- **Backend:** Ruby + Roda, backed by the `html2rss` gem for extraction.
+- **Frontend:** Astro static site with progressive enhancement.
+- **Distribution:** Docker Compose by default; other deployments require manual wiring.
 
-**Architecture:**
-
-- **Backend**: Ruby + Roda for API and RSS generation
-- **Frontend**: Astro for modern, fast static site generation
-- **Core Engine**: [`html2rss`](https://github.com/html2rss/html2rss) Ruby gem for feed generation
-
-## Configuration
-
-The application can be configured using environment variables. See the [configuration guide](CONFIGURATION.md) for details.
-
-### Security Features
-
-- **URL Restrictions**: Public instances can restrict auto source to specific URLs
-- **Authentication**: Token-based authentication for auto source and health check endpoints
-- **Public Feed Access**: Secure, stateless feed tokens for public RSS access
-- **HMAC-SHA256 Signing**: Cryptographically signed tokens prevent tampering
-- **URL Binding**: Feed tokens are bound to specific URLs for security
-- **SSRF Protection**: Built-in protection against Server-Side Request Forgery
-- **Input Validation**: Comprehensive validation of all inputs
-- **XML Sanitization**: Prevents XML injection attacks in RSS output
-- **CSP Headers**: Content Security Policy headers prevent XSS attacks
-
-## RESTful API
-
-The application now provides a modern RESTful API v1 that follows industry standards:
-
-- **Resource-based URLs**: `/api/v1/feeds`, `/api/v1/strategies`
-- **HTTP methods**: GET, POST, PUT, DELETE
-- **Proper status codes**: 200, 201, 400, 401, 403, 404, 500
-- **JSON responses**: Consistent response format
-- **Content negotiation**: XML for RSS feeds, JSON for metadata
-- **OpenAPI documentation**: Complete API specification
-
-### Quick Start
+## Documentation
+The in-repo docs live under `frontend/src/content/docs/` and are published by Astro.
+- [Configuration Guide](frontend/src/content/docs/configuration.md)
+- [Security Guide](frontend/src/content/docs/security.md)
+- [REST API v1](frontend/src/content/docs/api/v1.md)
+- [Testing Overview](frontend/src/content/docs/testing.md)
 
+## REST API Snapshot
 ```bash
-# List available feeds
-curl "https://your-domain.com/api/v1/feeds"
+# List feeds available to the token
+curl -H "Authorization: Bearer <token>" \
+  "https://your-domain.com/api/v1/feeds"
 
-# Create a new feed
+# Create a feed and capture the signed public URL
 curl -X POST "https://your-domain.com/api/v1/feeds" \
-  -H "Authorization: Bearer your-token" \
+  -H "Authorization: Bearer <token>" \
   -H "Content-Type: application/json" \
-  -d '{"url": "https://example.com", "name": "Example Feed"}'
-
-# Get feed metadata
-curl "https://your-domain.com/api/v1/feeds/example"
-
-# Get RSS content
-curl -H "Accept: application/xml" "https://your-domain.com/api/v1/feeds/example"
+  -d '{"url":"https://example.com","name":"Example Feed"}'
 ```
 
-### Documentation
+## Deploy with Docker Compose
+The supported path is Docker Compose.
 
-- [RESTful API v1 Documentation](docs/api/v1/README.md)
-- [OpenAPI Specification](docs/api/v1/openapi.yaml)
-
-## Public Feed Access
-
-The application supports secure public access to RSS feeds without requiring authentication headers. This is perfect for sharing feeds with RSS readers and other applications.
-
-### How It Works
+### Prerequisites
+- Docker Engine and Docker Compose
+- Git for cloning the repository
 
-1. **Create a Feed**: Use the RESTful API or auto source feature to generate a feed
-2. **Get Public URL**: The system returns a public URL with an embedded token
-3. **Share the URL**: Anyone can access the feed using this URL
-4. **Secure Access**: The token is cryptographically signed and URL-bound
+### Steps
+1. Clone the repository and change into the directory.
+2. Generate a 64-character hexadecimal key: `openssl rand -hex 32`.
+3. Update `docker-compose.yml` with the key via the `HTML2RSS_SECRET_KEY` environment variable.
+4. Start the stack: `docker-compose up`.
 
-### Example
+The application serves the UI and API at `http://localhost:3000`. It fails fast if the secret key is missing.
 
-```bash
-# Create a feed via RESTful API
-curl -X POST "https://your-domain.com/api/v1/feeds" \
-  -H "Authorization: Bearer your-token" \
-  -H "Content-Type: application/json" \
-  -d '{"url": "https://example.com", "name": "Example Feed"}'
-
-# Response includes public_url
-{
-  "success": true,
-  "data": {
-    "feed": {
-      "id": "abc123",
-      "name": "Example Feed", 
-      "url": "https://example.com",
-      "public_url": "/api/v1/feeds/eyJwYXlsb2FkIjoi..."
-    }
-  }
-}
-
-# Access the feed publicly using the signed token
-curl "https://your-domain.com/api/v1/feeds/eyJwYXlsb2FkIjoi..."
+## Frontend Development
 ```
-
-### Security Features
-
-- **10-Year Expiry**: Tokens are valid for 10 years (perfect for RSS)
-- **URL Binding**: Tokens only work for their specific URL
-- **HMAC Signing**: Tokens cannot be tampered with
-- **No Server Storage**: Stateless validation, no database required
-
-## Documentation
-
-For full documentation, please see the [html2rss-web documentation](https://html2rss.github.io/web-application/).
-
-### Security and Deployment
-
-- [Security Guide](SECURITY.md) - Comprehensive security documentation
-- [Project Website](https://html2rss.github.io/html2rss-web/) - Deployment and usage instructions
-
-## Quick Start
-
-This application is designed to be used via Docker Compose only.
-
-### Prerequisites
-
-- Docker and Docker Compose installed
-- Git (to clone the repository)
-
-### Setup and Run
-
-1. **Clone the repository:**
-   ```bash
-   git clone https://github.com/html2rss/html2rss-web.git
-   cd html2rss-web
-   ```
-
-2. **Generate a secret key:**
-   ```bash
-   openssl rand -hex 32
-   ```
-
-3. **Configure docker-compose.yml:**
-   ```bash
-   # Edit the file and replace 'your-generated-secret-key-here' with your actual secret key
-   # The docker-compose.yml file is already included in the repository
-   ```
-
-4. **Start the application:**
-   ```bash
-   docker-compose up
-   ```
-
-The application will be available at `http://localhost:3000`.
-
-**⚠️ Important**: The `HTML2RSS_SECRET_KEY` environment variable is required. Without it, the application will not start and will display setup instructions.
-
-### Frontend Development
-
-The project includes a modern Astro frontend alongside the Ruby backend:
-
-1. **Frontend development:**
-
-   ```bash
-   cd frontend
-   npm install
-   npm run dev
-   ```
-
-2. **Build frontend:**
-   ```bash
-   cd frontend
-   npm run build
-   ```
-
-**Development Workflow:**
-
-- **`make dev`** - Starts both Ruby server (port 3000) and Astro dev server (port 4321) with hot reload
-- **Ruby server** - Serves the API and built frontend at `/app` and `/app/gallery`
-- **Astro dev server** - Provides hot reload for frontend development at `http://localhost:4321`
-- **Hot reload** - Changes to frontend files automatically rebuild and refresh
-
-### Development Commands
-
-| Command              | Description                           |
-| -------------------- | ------------------------------------- |
-| `make help`          | Show all available commands           |
-| `make setup`         | Full development setup                |
-| `make dev`           | Start both Ruby and Astro dev servers |
-| `make dev-ruby`      | Start Ruby server only                |
-| `make dev-frontend`  | Start Astro dev server only           |
-| `make test`          | Run all tests (Ruby + Frontend)       |
-| `make test-ruby`     | Run Ruby tests only                   |
-| `make test-frontend` | Run frontend unit + contract tests    |
-| `make test-frontend-unit` | Run frontend unit tests only      |
-| `make test-frontend-contract` | Run frontend contract tests (Vitest + MSW) |
-| `make lint`          | Run all linters (Ruby + Frontend)     |
-| `make lint-ruby`     | Run Ruby linter only                  |
-| `make lint-js`       | Run frontend linter only              |
-| `make lintfix`       | Auto-fix all linting issues           |
-| `make lintfix-ruby`  | Auto-fix Ruby linting issues          |
-| `make lintfix-js`    | Auto-fix frontend linting issues      |
-| `make clean`         | Clean temporary files                 |
-
-### Frontend Commands
-
-| Command                        | Description                   |
-| ------------------------------ | ----------------------------- |
-| `cd frontend && npm install`   | Install frontend dependencies |
-| `cd frontend && npm run dev`   | Start frontend dev server     |
-| `cd frontend && npm run build` | Build frontend for production |
-| `cd frontend && npm run test:unit` | Run unit tests (Vitest) |
-| `cd frontend && npm run test:contract` | Run contract tests with MSW |
-
-### Testing Strategy
-
-| Layer            | Tooling                    | Notes |
-| ---------------- | -------------------------- | ----- |
-| Ruby API         | RSpec + Rack::Test         | Deterministic request specs for the Roda app |
-| Frontend Unit    | Vitest + Testing Library   | Hook/component behaviour with mocked fetch |
-| Frontend Contract| Vitest + MSW               | Exercises real fetch flows against mocked API responses |
-| Docker Smoke     | RSpec (tagged `:docker`)   | Net::HTTP checks against a bundled Puma container |
+cd frontend
+npm install
+npm run dev
+```
+The Ruby server continues to serve the production build while Astro runs with hot reload on port 4321.
+
+## Make Targets
+
+| Command | Purpose |
+| --- | --- |
+| `make help` | List available shortcuts. |
+| `make setup` | Install Ruby and Node dependencies. |
+| `make dev` | Run Ruby (port 3000) and Astro (port 4321) dev servers. |
+| `make dev-ruby` | Start only the Ruby server. |
+| `make dev-frontend` | Start only the Astro dev server. |
+| `make test` | Run Ruby and frontend test suites. |
+| `make test-ruby` | Run Ruby specs. |
+| `make test-frontend` | Run frontend unit and contract tests. |
+| `make lint` | Run all linters. |
+| `make lintfix` | Auto-fix lint warnings where possible. |
+| `make clean` | Remove build artefacts. |
+
+## Frontend npm Scripts
+
+| Command | Purpose |
+| --- | --- |
+| `npm run dev` | Astro dev server with hot reload. |
+| `npm run build` | Production build. |
+| `npm run test:run` | Unit tests (Vitest). |
+| `npm run test:contract` | Contract tests with MSW. |
+
+## Testing Strategy
+
+| Layer | Tooling | Focus |
+| --- | --- | --- |
+| Ruby API | RSpec + Rack::Test | Feed creation, retrieval, auth paths. |
+| Frontend unit | Vitest + Testing Library | Component rendering and hooks with mocked fetch. |
+| Frontend contract | Vitest + MSW | End-to-end fetch flows against mocked API responses. |
+| Docker smoke | RSpec (`:docker`) | Net::HTTP probes against the containerised service. |
 
 ## Contributing
 
-Contributions are welcome! Please see the [contributing guide](https://html2rss.github.io/get-involved/contributing) for more information.
+Contributions are welcome. See the [html2rss project guidelines](https://html2rss.github.io/get-involved/contributing) before opening a pull request.
 
 ## Sponsoring
 
-If you find this project useful, please consider [sponsoring the project](https://github.com/sponsors/gildesmarais).
+Support ongoing development via [GitHub Sponsors](https://github.com/sponsors/gildesmarais).