ruby clean

Author: gildesmarais

app/auth.rb

@@ -103,10 +103,7 @@ def validate_feed_token(feed_token, url)
         return nil unless feed_token && url
 
         token_data = decode_feed_token(feed_token)
-        return nil unless token_data
-
-        return nil unless verify_token_signature(token_data)
-        return nil unless token_valid?(token_data, url)
+        return nil unless token_data && verify_token_signature(token_data) && token_valid?(token_data, url)
 
         get_account_by_username(token_data[:payload][:username])
       rescue StandardError
@@ -141,9 +138,7 @@ def token_valid?(token_data, url)
       # @param url [String] the full URL with query parameters
       # @return [String, nil] feed token if found, nil otherwise
       def extract_feed_token_from_url(url)
-        uri = URI.parse(url)
-        params = URI.decode_www_form(uri.query || '').to_h
-        params['token']
+        URI.parse(url).then { |uri| URI.decode_www_form(uri.query || '').to_h['token'] }
       rescue StandardError
         nil
       end
@@ -165,13 +160,10 @@ def feed_url_allowed?(feed_token, url)
       # @param request [Roda::Request] the request object
       # @return [String, nil] token if found, nil otherwise
       def extract_token(request)
-        # Try Authorization header (Bearer token)
         auth_header = request.env['HTTP_AUTHORIZATION']
-        if auth_header&.start_with?('Bearer ')
-          return auth_header[7..] # Remove 'Bearer ' prefix
-        end
+        return unless auth_header&.start_with?('Bearer ')
 
-        nil
+        auth_header.delete_prefix('Bearer ')
       end
 
       ##
@@ -217,7 +209,7 @@ def load_accounts
       # Get the secret key for HMAC signing
       # @return [String, nil] secret key if configured, nil otherwise
       def secret_key
-        ENV.fetch('HTML2RSS_SECRET_KEY', nil)
+        ENV.fetch('HTML2RSS_SECRET_KEY')
       end
 
       ##
@@ -226,20 +218,25 @@ def secret_key
       # @param patterns [Array<String>] allowed URL patterns
       # @return [Boolean] true if URL matches any pattern
       def url_matches_patterns?(url, patterns)
-        patterns.any? do |pattern|
-          if pattern.include?('*')
-            # Convert wildcard pattern to regex with proper escaping
-            escaped_pattern = Regexp.escape(pattern).gsub('\\*', '.*')
-            url.match?(/\A#{escaped_pattern}\z/)
-          else
-            # Exact match or substring match
-            url.include?(pattern)
-          end
-        end
+        patterns.any? { |pattern| url_matches_pattern?(url, pattern) }
       rescue RegexpError
         false
       end
 
+      ##
+      # Check if URL matches a single pattern
+      # @param url [String] URL to check
+      # @param pattern [String] pattern to match against
+      # @return [Boolean] true if URL matches pattern
+      def url_matches_pattern?(url, pattern)
+        if pattern.include?('*')
+          escaped_pattern = Regexp.escape(pattern).gsub('\\*', '.*')
+          url.match?(/\A#{escaped_pattern}\z/)
+        else
+          url.include?(pattern)
+        end
+      end
+
       ##
       # Sanitize text for safe inclusion in XML output
       # Escapes XML special characters to prevent injection attacks
@@ -256,15 +253,11 @@ def sanitize_xml(text)
       # @param url [String] URL to validate
       # @return [Boolean] true if URL is valid and allowed, false otherwise
       def valid_url?(url)
-        return false unless url.is_a?(String)
-        return false if url.empty?
-        return false if url.length > 2048 # Prevent extremely long URLs
-
-        begin
-          !Html2rss::Url.for_channel(url).nil?
-        rescue StandardError
-          false
-        end
+        return false unless url.is_a?(String) && !url.empty? && url.length <= 2048
+
+        !Html2rss::Url.for_channel(url).nil?
+      rescue StandardError
+        false
       end
     end
   end

app/auto_source.rb

@@ -3,6 +3,7 @@
 require 'uri'
 require_relative 'auth'
 require_relative 'xml_builder'
+require_relative 'local_config'
 
 module Html2rss
   module Web
@@ -13,13 +14,10 @@ module AutoSource
 
       def enabled?
         # Enable by default in development, require explicit setting in production
-        rack_env = ENV.fetch('RACK_ENV', nil)
-        auto_source_enabled = ENV.fetch('AUTO_SOURCE_ENABLED', nil)
-
-        if rack_env == 'development'
-          auto_source_enabled != 'false'
+        if development?
+          ENV.fetch('AUTO_SOURCE_ENABLED', nil) != 'false'
         else
-          auto_source_enabled == 'true'
+          ENV.fetch('AUTO_SOURCE_ENABLED', nil) == 'true'
         end
       end
 
@@ -34,7 +32,7 @@ def allowed_origin?(request)
       end
 
       def allowed_origins
-        if ENV.fetch('RACK_ENV', nil) == 'development'
+        if development?
           default_origins = 'localhost:3000,localhost:3001,127.0.0.1:3000,127.0.0.1:3001'
           origins = ENV.fetch('AUTO_SOURCE_ALLOWED_ORIGINS', default_origins)
         else
@@ -61,29 +59,31 @@ def create_stable_feed(name, url, token_data, strategy = 'ssrf_filter')
         build_feed_data(name, url, token_data, strategy, feed_id, feed_token)
       end
 
-      def build_feed_data(name, url, token_data, strategy, feed_id, feed_token)
-        public_url = "/feeds/#{feed_id}?token=#{feed_token}&url=#{URI.encode_www_form_component(url)}"
+      def generate_feed_from_stable_id(feed_id, token_data)
+        return nil unless token_data
 
+        # Reconstruct feed data from token and feed_id
+        # This is stateless - we don't store anything permanently
         {
           id: feed_id,
-          name: name,
-          url: url,
+          url: nil, # Will be provided in request
           username: token_data[:username],
-          strategy: strategy,
-          public_url: public_url
+          strategy: 'ssrf_filter'
         }
       end
 
-      def generate_feed_from_stable_id(feed_id, token_data)
-        return nil unless token_data
+      private
+
+      def build_feed_data(name, url, token_data, strategy, feed_id, feed_token)
+        public_url = "/feeds/#{feed_id}?token=#{feed_token}&url=#{URI.encode_www_form_component(url)}"
 
-        # Reconstruct feed data from token and feed_id
-        # This is stateless - we don't store anything permanently
         {
           id: feed_id,
-          url: nil, # Will be provided in request
+          name: name,
+          url: url,
           username: token_data[:username],
-          strategy: 'ssrf_filter'
+          strategy: strategy,
+          public_url: public_url
         }
       end
 
@@ -111,14 +111,15 @@ def create_empty_feed_warning(url, strategy)
         )
       end
 
-      # rubocop:disable Metrics/MethodLength
       def call_strategy(url, strategy)
+        global_config = LocalConfig.global
+
         config = {
-          stylesheets: [{ href: '/rss.xsl', type: 'text/xsl' }],
+          stylesheets: global_config[:stylesheets],
+          headers: global_config[:headers],
           strategy: strategy.to_sym,
           channel: {
-            url: url,
-            title: extract_channel_title(url)
+            url: url
           },
           auto_source: {
             # Auto source configuration for automatic content detection
@@ -128,11 +129,6 @@ def call_strategy(url, strategy)
 
         Html2rss.feed(config)
       end
-      # rubocop:enable Metrics/MethodLength
-
-      def extract_channel_title(url)
-        Html2rss::Url.for_channel(url).channel_titleized || 'RSS Feed'
-      end
 
       def extract_site_title(url)
         Html2rss::Url.for_channel(url).channel_titleized
@@ -147,6 +143,10 @@ def error_feed(message)
       def access_denied_feed(url)
         XmlBuilder.build_access_denied_feed(url)
       end
+
+      def development?
+        ENV.fetch('RACK_ENV', nil) == 'development'
+      end
     end
   end
 end

app/local_config.rb

@@ -34,12 +34,6 @@ def global
         yaml.reject { |key| key == :feeds }
       end
 
-      ##
-      # @return [Array<Hash>] configured auth accounts
-      def auth_accounts
-        global.dig(:auth, :accounts) || []
-      end
-
       ##
       # @return [Array<Symbol>] names of locally available feeds
       def feed_names

docker-compose.yml

@@ -31,8 +31,6 @@ services:
   browserless:
     image: "ghcr.io/browserless/chromium"
     restart: unless-stopped
-    ports:
-      - "127.0.0.1:3001:3001"
     environment:
       PORT: 3001
       CONCURRENT: 10