ct rss feed

Author: losfair

ui/app/api/ct/feed/[domain]/route.ts

@@ -0,0 +1,109 @@
+import { NextRequest, NextResponse } from "next/server";
+import { Certificate } from "@/types/certificate";
+import client from "@/lib/clickhouse";
+import { generateRSSFeed, getRSSResponse, getBaseUrl, RSSItem } from "@/lib/rss";
+
+interface FeedParams {
+  params: Promise<{ domain: string }>;
+}
+
+async function getCTEntriesForDomain(domain: string, limit: number = 50): Promise<Certificate[]> {
+  const sql = `
+    SELECT 
+      certificate_sha256,
+      log_id,
+      log_index,
+      entry_timestamp,
+      not_after,
+      subject_common_name,
+      issuer_common_name,
+      issuer_organization
+    FROM ct_log_entries_by_name
+    WHERE name_rev = reverse({domain:String}) OR
+          name_rev LIKE reverse({wildcard:String})
+    ORDER BY entry_timestamp DESC
+    LIMIT {limit:UInt32}
+    SETTINGS max_execution_time = 5, max_threads = 1, max_memory_usage = 134217728
+  `;
+
+  const resultSet = await client.query({
+    query: sql,
+    query_params: {
+      domain: domain,
+      wildcard: `%.${domain}`,
+      limit: limit,
+    },
+    format: "JSONEachRow",
+  });
+
+  return await resultSet.json<Certificate>();
+}
+
+function createCTRSSItems(entries: Certificate[], domain: string): RSSItem[] {
+  const baseUrl = getBaseUrl();
+  
+  return entries.map(entry => {
+    const pubDate = new Date(entry.entry_timestamp).toUTCString();
+    const entryUrl = `${baseUrl}/search/${encodeURIComponent(entry.certificate_sha256)}?type=sha256`;
+    
+    const getTitle = () => {
+      const cn = entry.subject_common_name || "Unknown CN";
+      return `CT: ${cn}`;
+    };
+
+    const getDescription = () => {
+      let desc = `New Certificate Transparency log entry for domain ${domain}`;
+      desc += `\nSubject CN: ${entry.subject_common_name || 'N/A'}`;
+      desc += `\nIssuer: ${entry.issuer_common_name || 'N/A'}`;
+      if (entry.issuer_organization && entry.issuer_organization.length > 0) {
+        desc += ` (${entry.issuer_organization[0]})`;
+      }
+      desc += `\nCertificate SHA256: ${entry.certificate_sha256}`;
+      desc += `\nLog ID: ${entry.log_id}`;
+      desc += `\nLog Index: ${entry.log_index}`;
+      desc += `\nExpires: ${new Date(entry.not_after).toISOString().split('T')[0]}`;
+      return desc;
+    };
+
+    return {
+      title: getTitle(),
+      description: getDescription(),
+      link: entryUrl,
+      guid: entryUrl,
+      pubDate: pubDate,
+    };
+  });
+}
+
+export async function GET(request: NextRequest, { params }: FeedParams) {
+  try {
+    const { domain } = await params;
+    const decodedDomain = decodeURIComponent(domain);
+    const { searchParams } = new URL(request.url);
+    const limit = Math.min(parseInt(searchParams.get('limit') || '50'), 100);
+
+    const entries = await getCTEntriesForDomain(decodedDomain, limit);
+    const items = createCTRSSItems(entries, decodedDomain);
+    
+    const baseUrl = getBaseUrl();
+    const feedUrl = `${baseUrl}/api/ct/feed/${encodeURIComponent(decodedDomain)}`;
+    const webUrl = `${baseUrl}/search/${encodeURIComponent(decodedDomain)}`;
+
+    const rssXml = generateRSSFeed({
+      title: `Certificate Transparency Entries for ${decodedDomain}`,
+      description: `Recent Certificate Transparency log entries for domain ${decodedDomain}`,
+      link: webUrl,
+      feedUrl: feedUrl,
+      items: items,
+    });
+
+    const response = getRSSResponse(rssXml);
+    return new NextResponse(response.body, { headers: response.headers });
+  } catch (error) {
+    console.error('CT RSS feed generation error:', error);
+    return NextResponse.json(
+      { error: 'Failed to generate CT RSS feed' },
+      { status: 500 }
+    );
+  }
+}

ui/app/api/sigstore/feed/[org]/[repo]/route.ts

@@ -1,19 +1,7 @@
 import { NextRequest, NextResponse } from "next/server";
 import { SigstoreEntry } from "@/types/sigstore";
 import client from "@/lib/clickhouse";
-
-function escapeXml(unsafe: string): string {
-  return unsafe.replace(/[<>&'"]/g, (c) => {
-    switch (c) {
-      case '<': return '&lt;';
-      case '>': return '&gt;';
-      case '&': return '&amp;';
-      case '\'': return '&apos;';
-      case '"': return '&quot;';
-      default: return c;
-    }
-  });
-}
+import { generateRSSFeed, getRSSResponse, getBaseUrl, RSSItem } from "@/lib/rss";
 
 interface FeedParams {
   params: Promise<{ org: string; repo: string }>;
@@ -32,7 +20,7 @@ async function getSigstoreEntriesForRepo(org: string, repo: string, limit: numbe
     WHERE repository_name = {repoName:String}
     ORDER BY integrated_time DESC
     LIMIT {limit:UInt32}
-    SETTINGS max_execution_time = 30, max_threads = 1, max_memory_usage = 268435456
+    SETTINGS max_execution_time = 5, max_threads = 1, max_memory_usage = 134217728
   `;
 
   const resultSet = await client.query({
@@ -47,15 +35,12 @@ async function getSigstoreEntriesForRepo(org: string, repo: string, limit: numbe
   return await resultSet.json<SigstoreEntry>();
 }
 
-function generateRSSFeed(entries: SigstoreEntry[], org: string, repo: string): string {
-  const now = new Date().toUTCString();
-  const repositoryName = `${org}/${repo}`;
-  const feedUrl = `${process.env.NEXT_PUBLIC_BASE_URL || 'https://transparency.cafe'}/api/sigstore/feed/${org}/${repo}`;
-  const webUrl = `${process.env.NEXT_PUBLIC_BASE_URL || 'https://transparency.cafe'}/sigstore/search/${encodeURIComponent(repositoryName)}?type=github_repository`;
-
-  const items = entries.map(entry => {
+function createSigstoreRepoRSSItems(entries: SigstoreEntry[], repositoryName: string): RSSItem[] {
+  const baseUrl = getBaseUrl();
+  
+  return entries.map(entry => {
     const pubDate = new Date(entry.integrated_time).toUTCString();
-    const entryUrl = `${process.env.NEXT_PUBLIC_BASE_URL || 'https://transparency.cafe'}/sigstore/entry/${entry.entry_uuid}`;
+    const entryUrl = `${baseUrl}/sigstore/entry/${entry.entry_uuid}`;
 
     const getTitle = () => {
       return `Rekor: ${repositoryName}`;
@@ -69,30 +54,14 @@ function generateRSSFeed(entries: SigstoreEntry[], org: string, repo: string): s
       return desc;
     };
 
-    return `
-    <item>
-      <title>${escapeXml(getTitle())}</title>
-      <description>${escapeXml(getDescription())}</description>
-      <link>${escapeXml(entryUrl)}</link>
-      <guid isPermaLink="true">${escapeXml(entryUrl)}</guid>
-      <pubDate>${pubDate}</pubDate>
-    </item>`;
-  }).join('\n');
-
-  return `<?xml version="1.0" encoding="UTF-8"?>
-<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
-  <channel>
-    <title>${escapeXml(`Sigstore Rekor Entries for ${repositoryName}`)}</title>
-    <description>${escapeXml(`Recent Sigstore Rekor transparency log entries for GitHub repository ${repositoryName}`)}</description>
-    <link>${escapeXml(webUrl)}</link>
-    <atom:link href="${escapeXml(feedUrl)}" rel="self" type="application/rss+xml" />
-    <lastBuildDate>${now}</lastBuildDate>
-    <generator>transparency.cafe</generator>
-    <language>en-us</language>
-    <ttl>60</ttl>
-    ${items}
-  </channel>
-</rss>`;
+    return {
+      title: getTitle(),
+      description: getDescription(),
+      link: entryUrl,
+      guid: entryUrl,
+      pubDate: pubDate,
+    };
+  });
 }
 
 export async function GET(request: NextRequest, { params }: FeedParams) {
@@ -102,14 +71,23 @@ export async function GET(request: NextRequest, { params }: FeedParams) {
     const limit = Math.min(parseInt(searchParams.get('limit') || '50'), 100);
 
     const entries = await getSigstoreEntriesForRepo(org, repo, limit);
-    const rssXml = generateRSSFeed(entries, org, repo);
+    const repositoryName = `${org}/${repo}`;
+    const items = createSigstoreRepoRSSItems(entries, repositoryName);
+    
+    const baseUrl = getBaseUrl();
+    const feedUrl = `${baseUrl}/api/sigstore/feed/${org}/${repo}`;
+    const webUrl = `${baseUrl}/sigstore/search/${encodeURIComponent(repositoryName)}?type=github_repository`;
 
-    return new NextResponse(rssXml, {
-      headers: {
-        'Content-Type': 'application/rss+xml; charset=utf-8',
-        'Cache-Control': 'public, max-age=300, s-maxage=300', // Cache for 5 minutes
-      },
+    const rssXml = generateRSSFeed({
+      title: `Sigstore Rekor Entries for ${repositoryName}`,
+      description: `Recent Sigstore Rekor transparency log entries for GitHub repository ${repositoryName}`,
+      link: webUrl,
+      feedUrl: feedUrl,
+      items: items,
     });
+
+    const response = getRSSResponse(rssXml);
+    return new NextResponse(response.body, { headers: response.headers });
   } catch (error) {
     console.error('RSS feed generation error:', error);
     return NextResponse.json(

ui/app/api/sigstore/feed/[org]/route.ts

@@ -1,19 +1,7 @@
 import { NextRequest, NextResponse } from "next/server";
 import { SigstoreEntry } from "@/types/sigstore";
 import client from "@/lib/clickhouse";
-
-function escapeXml(unsafe: string): string {
-  return unsafe.replace(/[<>&'"]/g, (c) => {
-    switch (c) {
-      case '<': return '&lt;';
-      case '>': return '&gt;';
-      case '&': return '&amp;';
-      case '\'': return '&apos;';
-      case '"': return '&quot;';
-      default: return c;
-    }
-  });
-}
+import { generateRSSFeed, getRSSResponse, getBaseUrl, RSSItem } from "@/lib/rss";
 
 interface FeedParams {
   params: Promise<{ org: string }>;
@@ -31,7 +19,7 @@ async function getSigstoreEntriesForOrg(org: string, limit: number = 50): Promis
     WHERE repository_name LIKE {orgPattern:String}
     ORDER BY integrated_time DESC
     LIMIT {limit:UInt32}
-    SETTINGS max_execution_time = 30, max_threads = 1, max_memory_usage = 268435456
+    SETTINGS max_execution_time = 5, max_threads = 1, max_memory_usage = 134217728
   `;
 
   const resultSet = await client.query({
@@ -46,14 +34,12 @@ async function getSigstoreEntriesForOrg(org: string, limit: number = 50): Promis
   return await resultSet.json<SigstoreEntry>();
 }
 
-function generateRSSFeed(entries: SigstoreEntry[], org: string): string {
-  const now = new Date().toUTCString();
-  const feedUrl = `${process.env.NEXT_PUBLIC_BASE_URL || 'https://transparency.cafe'}/api/sigstore/feed/${org}`;
-  const webUrl = `${process.env.NEXT_PUBLIC_BASE_URL || 'https://transparency.cafe'}/sigstore/search/${encodeURIComponent(org)}?type=github_organization`;
-
-  const items = entries.map(entry => {
+function createSigstoreOrgRSSItems(entries: SigstoreEntry[]): RSSItem[] {
+  const baseUrl = getBaseUrl();
+  
+  return entries.map(entry => {
     const pubDate = new Date(entry.integrated_time).toUTCString();
-    const entryUrl = `${process.env.NEXT_PUBLIC_BASE_URL || 'https://transparency.cafe'}/sigstore/entry/${entry.entry_uuid}`;
+    const entryUrl = `${baseUrl}/sigstore/entry/${entry.entry_uuid}`;
 
     const getTitle = () => {
       const repo = entry.repository_name || "Unknown Repository";
@@ -68,30 +54,14 @@ function generateRSSFeed(entries: SigstoreEntry[], org: string): string {
       return desc;
     };
 
-    return `
-    <item>
-      <title>${escapeXml(getTitle())}</title>
-      <description>${escapeXml(getDescription())}</description>
-      <link>${escapeXml(entryUrl)}</link>
-      <guid isPermaLink="true">${escapeXml(entryUrl)}</guid>
-      <pubDate>${pubDate}</pubDate>
-    </item>`;
-  }).join('\n');
-
-  return `<?xml version="1.0" encoding="UTF-8"?>
-<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
-  <channel>
-    <title>${escapeXml(`Sigstore Rekor Entries for ${org}`)}</title>
-    <description>${escapeXml(`Recent Sigstore Rekor transparency log entries for GitHub organization ${org}`)}</description>
-    <link>${escapeXml(webUrl)}</link>
-    <atom:link href="${escapeXml(feedUrl)}" rel="self" type="application/rss+xml" />
-    <lastBuildDate>${now}</lastBuildDate>
-    <generator>transparency.cafe</generator>
-    <language>en-us</language>
-    <ttl>60</ttl>
-    ${items}
-  </channel>
-</rss>`;
+    return {
+      title: getTitle(),
+      description: getDescription(),
+      link: entryUrl,
+      guid: entryUrl,
+      pubDate: pubDate,
+    };
+  });
 }
 
 export async function GET(request: NextRequest, { params }: FeedParams) {
@@ -101,14 +71,22 @@ export async function GET(request: NextRequest, { params }: FeedParams) {
     const limit = Math.min(parseInt(searchParams.get('limit') || '50'), 100);
 
     const entries = await getSigstoreEntriesForOrg(org, limit);
-    const rssXml = generateRSSFeed(entries, org);
+    const items = createSigstoreOrgRSSItems(entries);
+    
+    const baseUrl = getBaseUrl();
+    const feedUrl = `${baseUrl}/api/sigstore/feed/${org}`;
+    const webUrl = `${baseUrl}/sigstore/search/${encodeURIComponent(org)}?type=github_organization`;
 
-    return new NextResponse(rssXml, {
-      headers: {
-        'Content-Type': 'application/rss+xml; charset=utf-8',
-        'Cache-Control': 'public, max-age=300, s-maxage=300', // Cache for 5 minutes
-      },
+    const rssXml = generateRSSFeed({
+      title: `Sigstore Rekor Entries for ${org}`,
+      description: `Recent Sigstore Rekor transparency log entries for GitHub organization ${org}`,
+      link: webUrl,
+      feedUrl: feedUrl,
+      items: items,
     });
+
+    const response = getRSSResponse(rssXml);
+    return new NextResponse(response.body, { headers: response.headers });
   } catch (error) {
     console.error('RSS feed generation error:', error);
     return NextResponse.json(

ui/app/page.tsx

@@ -6,7 +6,7 @@ export const dynamic = "force-dynamic";
 export default function Home() {
   return (
     <div className="min-h-full">
-      <div className="container px-6 pt-6 max-w-4xl">
+      <div className="container px-6 pt-6 pb-12 max-w-4xl">
         <div className="space-y-8">
           <div className="text-sm flex flex-col gap-2">
             <p>
@@ -21,6 +21,14 @@ export default function Home() {
           </div>
 
           <SearchForm />
+          <div>
+            <p className="mb-4 font-bold">RSS Feed</p>
+            <p>
+              <code className="text-sm">
+                https://transparency.cafe/api/ct/feed/[domain]
+              </code>
+            </p>
+          </div>
           <CtStats />
         </div>
       </div>