.

gildesmarais · gildesmarais · commit 0db44a2bcb11 · 2025-09-27T11:20:10.000+02:00
diff --git a/app.rb b/app.rb
@@ -86,25 +86,13 @@ def development? = self.class.development?
         next exception_page(error) if development?
 
         # Simple error handling for production
-        status = case error
-                 when UnauthorizedError then 401
-                 when BadRequestError then 400
-                 when ForbiddenError then 403
-                 when NotFoundError then 404
-                 else 500
-                 end
+        http_status = error.respond_to?(:status) ? error.status : 500
+        error_code = error.respond_to?(:code) ? error.code : 'INTERNAL_SERVER_ERROR'
 
-        response.status = status
+        response.status = http_status
 
         if request.path.start_with?('/api/v1/')
           response['Content-Type'] = 'application/json'
-          error_code = case error
-                       when UnauthorizedError then 'UNAUTHORIZED'
-                       when BadRequestError then 'BAD_REQUEST'
-                       when ForbiddenError then 'FORBIDDEN'
-                       when NotFoundError then 'NOT_FOUND'
-                       else 'INTERNAL_SERVER_ERROR'
-                       end
           JSON.generate({ success: false, error: { message: error.message, code: error_code } })
         else
           response['Content-Type'] = 'application/xml'
diff --git a/app/auth_utils.rb b/app/auth_utils.rb
diff --git a/app/auto_source.rb b/app/auto_source.rb
@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
+require 'digest'
 require_relative 'account_manager'
 require_relative 'auth'
-require_relative 'auth_utils'
 require_relative 'feed_generator'
 require_relative 'url_validator'
 
@@ -24,7 +24,7 @@ def enabled?
         def create_stable_feed(name, url, token_data, strategy = 'ssrf_filter')
           return nil unless url_allowed_for_token?(token_data, url)
 
-          feed_id = AuthUtils.generate_feed_id(token_data[:username], url, token_data[:token])
+          feed_id = generate_feed_id(token_data[:username], url, token_data[:token])
           feed_token = Auth.generate_feed_token(token_data[:username], url)
           return nil unless feed_token
 
@@ -63,6 +63,11 @@ def url_allowed_for_token?(token_data, url)
           UrlValidator.url_allowed?(account, url)
         end
 
+        def generate_feed_id(username, url, token)
+          content = "#{username}:#{url}:#{token}"
+          Digest::SHA256.hexdigest(content)[0..15]
+        end
+
         def build_feed_data(name, url, token_data, strategy, identifiers)
           public_url = "/api/v1/feeds/#{identifiers[:feed_token]}"
 
diff --git a/app/exceptions.rb b/app/exceptions.rb
@@ -6,46 +6,61 @@ module Web
     # Custom exceptions for clean error handling
     # These map to HTTP status codes and are handled by Roda's error_handler
 
-    # HTTP 401 - Authentication required
-    class UnauthorizedError < StandardError
-      def initialize(message = 'Authentication required')
+    class HttpError < StandardError
+      DEFAULT_MESSAGE = 'Internal Server Error'
+      STATUS = 500
+      CODE = 'INTERNAL_SERVER_ERROR'
+
+      def initialize(message = self.class::DEFAULT_MESSAGE)
         super
       end
+
+      def status
+        self.class::STATUS
+      end
+
+      def code
+        self.class::CODE
+      end
+    end
+
+    # HTTP 401 - Authentication required
+    class UnauthorizedError < HttpError
+      DEFAULT_MESSAGE = 'Authentication required'
+      STATUS = 401
+      CODE = 'UNAUTHORIZED'
     end
 
     # HTTP 400 - Invalid request
-    class BadRequestError < StandardError
-      def initialize(message = 'Bad Request')
-        super
-      end
+    class BadRequestError < HttpError
+      DEFAULT_MESSAGE = 'Bad Request'
+      STATUS = 400
+      CODE = 'BAD_REQUEST'
     end
 
     # HTTP 403 - Access denied
-    class ForbiddenError < StandardError
-      def initialize(message = 'Forbidden')
-        super
-      end
+    class ForbiddenError < HttpError
+      DEFAULT_MESSAGE = 'Forbidden'
+      STATUS = 403
+      CODE = 'FORBIDDEN'
     end
 
     # HTTP 404 - Resource not found
-    class NotFoundError < StandardError
-      def initialize(message = 'Not Found')
-        super
-      end
+    class NotFoundError < HttpError
+      DEFAULT_MESSAGE = 'Not Found'
+      STATUS = 404
+      CODE = 'NOT_FOUND'
     end
 
     # HTTP 405 - Method not allowed
-    class MethodNotAllowedError < StandardError
-      def initialize(message = 'Method Not Allowed')
-        super
-      end
+    class MethodNotAllowedError < HttpError
+      DEFAULT_MESSAGE = 'Method Not Allowed'
+      STATUS = 405
+      CODE = 'METHOD_NOT_ALLOWED'
     end
 
     # HTTP 500 - Server error
-    class InternalServerError < StandardError
-      def initialize(message = 'Internal Server Error')
-        super
-      end
+    class InternalServerError < HttpError
     end
   end
 end
