-
Notifications
You must be signed in to change notification settings - Fork 0
/
app.rb
139 lines (104 loc) · 3.25 KB
/
app.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
# frozen_string_literal: true
require_relative "models/rel_me_urls_parser"
class App < Roda
class InvalidURIError < StandardError; end
HTTP_HEADERS_OPTS = {
accept: "*/*",
user_agent: "rel=“me” Link Discovery (https://rel-me.cc)"
}.freeze
# Routing plugins
plugin :head
plugin :not_allowed
plugin :status_handler
plugin :type_routing, exclude: [:xml]
# Rendering plugins
plugin :h
plugin :link_to
plugin :public
plugin :render, engine: "html.erb"
# Request/Response plugins
plugin :caching
plugin :halt
plugin :content_security_policy do |csp|
csp.base_uri :self
csp.block_all_mixed_content
csp.default_src :none
csp.font_src :self, "https://fonts.gstatic.com"
csp.form_action :self
csp.frame_ancestors :none
csp.img_src :self
csp.script_src :self
csp.style_src :self, "https://fonts.googleapis.com"
end
plugin :permissions_policy, default: :none
plugin :default_headers,
"Referrer-Policy" => "no-referrer-when-downgrade",
"X-Frame-Options" => "DENY",
"X-XSS-Protection" => "0"
# Other plugins
plugin :environments
plugin :heartbeat
# Third-party plugins
plugin :sprockets,
css_compressor: :sass_embedded,
debug: false,
precompile: ["application.css", "apple-touch-icon-180x180.png", "icon.png"]
configure do
use Rack::CommonLogger
use Rack::ContentType
use Rack::Deflater
use Rack::ETag
end
# :nocov:
configure :production do
use Rack::HostRedirect, [ENV.fetch("HOSTNAME", nil), "www.rel-me.cc"].compact => "rel-me.cc"
use Rack::Static,
urls: ["/assets"],
root: "public",
header_rules: [
[:all, { "cache-control": "max-age=31536000, immutable" }]
]
end
# :nocov:
route do |r|
r.public
r.sprockets unless opts[:environment] == "production"
r.root do
response.cache_control public: true
view :index
end
r.get "search" do
uri = HTTP::URI.parse(r.params["url"].to_s)
raise InvalidURIError unless uri.http? || uri.https?
rsp = HTTP.follow(max_hops: 20).headers(HTTP_HEADERS_OPTS).timeout(connect: 5, read: 5).get(uri)
rel_me_urls = RelMeUrlsParser.new(rsp).results
r.json { rel_me_urls.to_json }
view :search, locals: { canonical_url: rsp.uri.to_s, rel_me_urls: rel_me_urls }
rescue InvalidURIError, Addressable::URI::InvalidURIError
r.halt 400
rescue HTTP::Error, OpenSSL::SSL::SSLError
r.halt 408
end
end
status_handler(400) do |r|
error = { message: "Parameter url is required and must be a valid URL (e.g. https://example.com)" }
r.json { error.to_json }
view :bad_request, locals: error
end
status_handler(404) do |r|
response.cache_control public: true
error = { message: "The requested URL could not be found" }
r.json { error.to_json }
view :not_found, locals: error
end
status_handler(405, keep_headers: ["Allow"]) do |r|
error = { message: "The requested method is not allowed" }
r.json { error.to_json }
error[:message]
end
status_handler(408) do |r|
error = { message: "The request timed out and could not be completed" }
r.json { error.to_json }
view :request_timeout, locals: error
end
end