refactor: enhance routing and response handling; improve frontend visibility toggles

Author: gildesmarais

app.rb

@@ -72,6 +72,8 @@ def self.production_error_message
         ERROR
       end
 
+      def development? = self.class.development?
+
       # Validate environment on class load
       validate_environment!
 
@@ -146,7 +148,7 @@ def self.production_error_message
       # Stable feed routes (new)
       hash_branch 'feeds' do |r|
         r.on String do |feed_id|
-          handle_stable_feed(r, feed_id)
+          AutoSourceRoutes.handle_stable_feed(r, feed_id)
         end
       end
 

app/api_routes.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require_relative 'local_config'
+
 module Html2rss
   module Web
     ##
@@ -21,17 +23,22 @@ def list_available_strategies
       def handle_feed_generation(router, feed_name)
         params = router.params
         rss_content = Feeds.generate_feed(feed_name, params)
-        rss_headers(router)
+
+        # Extract TTL from feed configuration
+        config = LocalConfig.find(feed_name)
+        ttl = config.dig(:channel, :ttl) || 3600
+
+        rss_headers(router, ttl: ttl)
         rss_content.to_s
       rescue StandardError => error
         router.response.status = 500
         router.response['Content-Type'] = 'application/xml'
         Feeds.error_feed(error.message)
       end
 
-      def rss_headers(router)
+      def rss_headers(router, ttl: 3600)
         router.response['Content-Type'] = 'application/xml'
-        router.response['Cache-Control'] = 'public, max-age=3600'
+        router.response['Cache-Control'] = "public, max-age=#{ttl}"
       end
     end
   end

app/auto_source.rb

@@ -72,21 +72,6 @@ def generate_feed_from_stable_id(feed_id, token_data)
         }
       end
 
-      private
-
-      def build_feed_data(name, url, token_data, strategy, feed_id, feed_token)
-        public_url = "/feeds/#{feed_id}?token=#{feed_token}&url=#{URI.encode_www_form_component(url)}"
-
-        {
-          id: feed_id,
-          name: name,
-          url: url,
-          username: token_data[:username],
-          strategy: strategy,
-          public_url: public_url
-        }
-      end
-
       def generate_feed_content(url, strategy = 'ssrf_filter')
         feed_content = call_strategy(url, strategy)
 
@@ -102,6 +87,19 @@ def generate_feed_content(url, strategy = 'ssrf_filter')
         feed_content
       end
 
+      def build_feed_data(name, url, token_data, strategy, feed_id, feed_token)
+        public_url = "/feeds/#{feed_id}?token=#{feed_token}&url=#{URI.encode_www_form_component(url)}"
+
+        {
+          id: feed_id,
+          name: name,
+          url: url,
+          username: token_data[:username],
+          strategy: strategy,
+          public_url: public_url
+        }
+      end
+
       def create_empty_feed_warning(url, strategy)
         site_title = extract_site_title(url)
         XmlBuilder.build_empty_feed_warning(
@@ -111,7 +109,7 @@ def create_empty_feed_warning(url, strategy)
         )
       end
 
-      def call_strategy(url, strategy)
+      def call_strategy(url, strategy) # rubocop:disable Metrics/MethodLength
         global_config = LocalConfig.global
 
         config = {

app/auto_source_routes.rb

@@ -53,12 +53,17 @@ def handle_stable_feed(router, feed_id)
         handle_auto_source_error(router, error)
       end
 
-      private
+      def handle_public_feed_access(router, _feed_id, feed_token, url)
+        # Validate feed token and URL
+        return access_denied_response(router, url) unless Auth.feed_url_allowed?(feed_token, url)
 
-      def auto_source_disabled_response(router)
-        router.response.status = 400
-        router.response['Content-Type'] = 'application/xml'
-        XmlBuilder.build_error_feed(message: 'The auto source feature is disabled.', title: 'Auto Source Disabled')
+        strategy = router.params['strategy'] || 'ssrf_filter'
+        rss_content = AutoSource.generate_feed_content(url, strategy)
+
+        configure_auto_source_headers(router)
+        rss_content.to_s
+      rescue StandardError => error
+        handle_auto_source_error(router, error)
       end
 
       def handle_authenticated_feed_access(router, url)
@@ -70,21 +75,72 @@ def handle_authenticated_feed_access(router, url)
         strategy = router.params['strategy'] || 'ssrf_filter'
         rss_content = AutoSource.generate_feed_content(url, strategy)
 
-        set_auto_source_headers(router)
+        configure_auto_source_headers(router)
         rss_content.to_s
       end
 
-      def handle_public_feed_access(router, _feed_id, feed_token, url)
-        # Validate feed token and URL
-        return access_denied_response(router, url) unless Auth.feed_url_allowed?(feed_token, url)
+      def handle_auto_source_error(router, error)
+        router.response.status = 500
+        router.response['Content-Type'] = 'application/xml'
+        XmlBuilder.build_error_feed(message: error.message)
+      end
 
-        strategy = router.params['strategy'] || 'ssrf_filter'
-        rss_content = AutoSource.generate_feed_content(url, strategy)
+      # Helper methods that need to be implemented by the main app
+      def bad_request_response(router, message)
+        router.response.status = 400
+        router.response['Content-Type'] = 'application/xml'
+        XmlBuilder.build_access_denied_feed(message)
+      end
 
-        set_auto_source_headers(router)
-        rss_content.to_s
-      rescue StandardError => error
-        handle_auto_source_error(router, error)
+      def unauthorized_response(router)
+        router.response.status = 401
+        router.response['Content-Type'] = 'application/xml'
+        XmlBuilder.build_error_feed(message: 'Unauthorized')
+      end
+
+      def access_denied_response(router, url)
+        router.response.status = 403
+        router.response['Content-Type'] = 'application/xml'
+        XmlBuilder.build_access_denied_feed(url)
+      end
+
+      def method_not_allowed_response(router)
+        router.response.status = 405
+        router.response['Content-Type'] = 'application/xml'
+        XmlBuilder.build_error_feed(message: 'Method Not Allowed')
+      end
+
+      def internal_error_response(router)
+        router.response.status = 500
+        router.response['Content-Type'] = 'application/xml'
+        XmlBuilder.build_error_feed(message: 'Internal Server Error')
+      end
+
+      def forbidden_origin_response(router)
+        router.response.status = 403
+        router.response['Content-Type'] = 'application/xml'
+        XmlBuilder.build_error_feed(message: 'Forbidden Origin')
+      end
+
+      def configure_auto_source_headers(router)
+        router.response['Content-Type'] = 'application/xml'
+        router.response['Cache-Control'] = 'public, max-age=3600'
+        router.response['X-Content-Type-Options'] = 'nosniff'
+        router.response['X-XSS-Protection'] = '1; mode=block'
+      end
+
+      def validate_and_decode_base64(encoded_url)
+        Base64.urlsafe_decode64(encoded_url)
+      rescue ArgumentError
+        nil
+      end
+
+      private
+
+      def auto_source_disabled_response(router)
+        router.response.status = 400
+        router.response['Content-Type'] = 'application/xml'
+        XmlBuilder.build_error_feed(message: 'The auto source feature is disabled.', title: 'Auto Source Disabled')
       end
 
       def handle_create_feed(router)
@@ -143,65 +199,9 @@ def process_legacy_auto_source_request(router, encoded_url, token_data)
 
         strategy = router.params['strategy'] || 'ssrf_filter'
         rss_content = AutoSource.generate_feed(encoded_url, strategy)
-        set_auto_source_headers(router)
+        configure_auto_source_headers(router)
         rss_content.to_s
       end
-
-      def handle_auto_source_error(router, error)
-        router.response.status = 500
-        router.response['Content-Type'] = 'application/xml'
-        XmlBuilder.build_error_feed(message: error.message)
-      end
-
-      # Helper methods that need to be implemented by the main app
-      def bad_request_response(router, message)
-        router.response.status = 400
-        router.response['Content-Type'] = 'application/xml'
-        XmlBuilder.build_access_denied_feed(message)
-      end
-
-      def unauthorized_response(router)
-        router.response.status = 401
-        router.response['Content-Type'] = 'application/xml'
-        XmlBuilder.build_error_feed(message: 'Unauthorized')
-      end
-
-      def access_denied_response(router, url)
-        router.response.status = 403
-        router.response['Content-Type'] = 'application/xml'
-        XmlBuilder.build_access_denied_feed(url)
-      end
-
-      def method_not_allowed_response(router)
-        router.response.status = 405
-        router.response['Content-Type'] = 'application/xml'
-        XmlBuilder.build_error_feed(message: 'Method Not Allowed')
-      end
-
-      def internal_error_response(router)
-        router.response.status = 500
-        router.response['Content-Type'] = 'application/xml'
-        XmlBuilder.build_error_feed(message: 'Internal Server Error')
-      end
-
-      def forbidden_origin_response(router)
-        router.response.status = 403
-        router.response['Content-Type'] = 'application/xml'
-        XmlBuilder.build_error_feed(message: 'Forbidden Origin')
-      end
-
-      def set_auto_source_headers(router)
-        router.response['Content-Type'] = 'application/xml'
-        router.response['Cache-Control'] = 'public, max-age=3600'
-        router.response['X-Content-Type-Options'] = 'nosniff'
-        router.response['X-XSS-Protection'] = '1; mode=block'
-      end
-
-      def validate_and_decode_base64(encoded_url)
-        Base64.urlsafe_decode64(encoded_url)
-      rescue ArgumentError
-        nil
-      end
     end
   end
 end

app/response_helpers.rb

@@ -52,7 +52,7 @@ def internal_error_response
         XmlBuilder.build_error_feed(message: 'Internal Server Error')
       end
 
-      def set_auto_source_headers
+      def configure_auto_source_headers
         response['Content-Type'] = 'application/xml'
         response['Cache-Control'] = 'private, must-revalidate, no-cache, no-store, max-age=0'
         response['X-Content-Type-Options'] = 'nosniff'

app/static_file_helpers.rb

@@ -11,7 +11,8 @@ def handle_static_files(router)
         router.on do
           if router.path_info == '/'
             serve_root_path
-          else
+          elsif router.path_info.start_with?('/') && !router.path_info.include?('.')
+            # Only handle frontend routes that don't have file extensions
             serve_astro_files(router)
           end
         end

frontend/src/components/FeedForm.astro

@@ -5,7 +5,7 @@ import "../styles/forms.css";
 
 <div id="feed-section">
   <!-- Advanced options toggle -->
-  <button type="button" class="advanced-toggle" id="advanced-toggle"> Show advanced options </button>
+  <button type="button" class="advanced-toggle" id="advanced-toggle">Show advanced options</button>
 
   <!-- Advanced fields (shown by default) -->
   <div class="advanced-fields" id="advanced-fields">

frontend/src/components/UrlInput.astro

@@ -21,11 +21,9 @@ import "../styles/forms.css";
       </div>
       <button type="submit" class="form-button">Convert</button>
     </div>
-    <div class="quick-actions" id="quick-actions" style="display: none;">
+    <div class="quick-actions hidden" id="quick-actions">
       <button type="button" class="form-button form-button-secondary" id="copy-url">Copy URL</button>
-      <a href="#" class="form-button form-button-secondary" id="subscribe-link" style="text-decoration: none;"
-        >Subscribe</a
-      >
+      <a href="#" class="form-button form-button-secondary subscribe-link" id="subscribe-link">Subscribe</a>
     </div>
   </div>
 </div>

frontend/src/components/XmlDisplay.astro

@@ -4,12 +4,12 @@ import "../styles/forms.css";
 ---
 
 <!-- Content Preview -->
-<div class="xml-preview" id="xml-preview" style="display: none;">
+<div class="xml-preview hidden" id="xml-preview">
   <div class="loading">Loading RSS feed preview...</div>
 </div>
 
 <!-- XML Feed Display -->
-<div class="xml-feed-display" id="xml-feed-display" style="display: none;">
+<div class="xml-feed-display hidden" id="xml-feed-display">
   <div class="xml-feed-header">
     <h4>📄 RSS Feed Preview</h4>
     <div class="xml-feed-actions">
@@ -19,17 +19,10 @@ import "../styles/forms.css";
       <button type="button" class="xml-toggle" id="xml-toggle">Show Raw XML</button>
     </div>
   </div>
-  <div class="xml-feed-content" id="xml-feed-content" style="display: none;">
-    <iframe
-      id="rss-iframe"
-      src=""
-      width="100%"
-      height="800"
-      frameborder="0"
-      style="border: 1px solid var(--form-border); border-radius: var(--form-radius); min-height: 600px;"
-    ></iframe>
+  <div class="xml-feed-content hidden" id="xml-feed-content">
+    <iframe id="rss-iframe" src="" width="100%" height="800" frameborder="0" class="rss-iframe"></iframe>
   </div>
-  <div class="xml-raw-content" id="xml-raw-content" style="display: none;">
+  <div class="xml-raw-content hidden" id="xml-raw-content">
     <pre><code id="rss-content" /></pre>
   </div>
 </div>