-
-
Notifications
You must be signed in to change notification settings - Fork 16
Expand file tree
/
Copy pathapp.rb
More file actions
143 lines (111 loc) · 3.81 KB
/
app.rb
File metadata and controls
143 lines (111 loc) · 3.81 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
# frozen_string_literal: true
require 'roda'
require 'rack/cache'
require_relative 'roda/roda_plugins/basic_auth'
require 'html2rss'
require_relative 'app/ssrf_filter_strategy'
module Html2rss
module Web
##
# This app uses html2rss and serves the feeds via HTTP.
#
# It is built with [Roda](https://roda.jeremyevans.net/).
class App < Roda
CONTENT_TYPE_RSS = 'application/xml'
Html2rss::RequestService.register_strategy(:ssrf_filter, SsrfFilterStrategy)
Html2rss::RequestService.default_strategy_name = :ssrf_filter
Html2rss::RequestService.unregister_strategy(:faraday)
def self.development? = ENV['RACK_ENV'] == 'development'
opts[:check_dynamic_arity] = false
opts[:check_arity] = :warn
use Rack::Cache,
metastore: 'file:./tmp/rack-cache-meta',
entitystore: 'file:./tmp/rack-cache-body',
verbose: development?
plugin :content_security_policy do |csp|
csp.default_src :none
csp.style_src :self
csp.script_src :self
csp.connect_src :self
csp.img_src :self
csp.font_src :self, 'data:'
csp.form_action :self
csp.base_uri :none
csp.frame_ancestors :self
csp.frame_src :self
csp.block_all_mixed_content
end
plugin :default_headers,
'Content-Type' => 'text/html',
'X-Content-Type-Options' => 'nosniff',
'X-XSS-Protection' => '1; mode=block'
plugin :exception_page
plugin :error_handler do |error|
next exception_page(error) if development?
handle_error(error)
end
plugin :hash_branch_view_subdir
plugin :public
plugin :content_for
plugin :render, escape: true, layout: 'layout'
plugin :typecast_params
plugin :basic_auth
Dir['routes/**/*.rb'].each do |f|
if development?
Unreloader.require f
else
require_relative f
end
end
@show_backtrace = !ENV['CI'].to_s.empty? || development?
route do |r|
r.public
r.hash_branches('')
r.root { view 'index' }
r.get 'health_check.txt' do
handle_health_check
end
r.on String, String do |folder_name, config_name_with_ext|
response['Content-Type'] = CONTENT_TYPE_RSS
name = "#{folder_name}/#{File.basename(config_name_with_ext, '.*')}"
config = Html2rss::Configs.find_by_name(name)
if (params = request.params).any?
config = config.dup
config[:params] ||= {}
config[:params].merge!(params)
end
unless config[:strategy]
config = config.dup if config.frozen?
config[:strategy] ||= Html2rss::RequestService.default_strategy_name
end
feed = Html2rss.feed(config)
HttpCache.expires(response, feed.channel.ttl.to_i * 60, cache_control: 'public')
feed.to_s
end
r.on String do |config_name_with_ext|
response['Content-Type'] = CONTENT_TYPE_RSS
config = LocalConfig.find(File.basename(config_name_with_ext, '.*'))
if (params = request.params).any?
config = config.dup
config[:params] ||= {}
config[:params].merge!(params)
end
unless config[:strategy]
config = config.dup if config.frozen?
config[:strategy] ||= Html2rss::RequestService.default_strategy_name
end
feed = Html2rss.feed(config)
HttpCache.expires(response, feed.channel.ttl.to_i * 60, cache_control: 'public')
feed.to_s
end
end
Dir['helpers/*.rb'].each do |f|
if development?
Unreloader.require f
else
require_relative f
end
end
end
end
end