feat: adopt zeitwerk-backed web boot

Author: gildesmarais

Gemfile

@@ -17,12 +17,12 @@ gem 'rack-cache'
 gem 'rack-timeout'
 gem 'roda'
 gem 'ssrf_filter'
+gem 'zeitwerk'
 
 gem 'puma', require: false
 
 group :development do
   gem 'byebug'
-  gem 'rack-unreloader'
   gem 'rake', require: false
   gem 'rubocop', require: false
   gem 'rubocop-performance', require: false

Gemfile.lock

@@ -246,7 +246,6 @@ GEM
     rack-test (2.2.0)
       rack (>= 1.3)
     rack-timeout (0.7.0)
-    rack-unreloader (2.1.0)
     rails-dom-testing (2.3.0)
       activesupport (>= 5.0.0)
       minitest
@@ -375,7 +374,6 @@ DEPENDENCIES
   rack-cache
   rack-test
   rack-timeout
-  rack-unreloader
   rake
   roda
   rspec
@@ -393,6 +391,7 @@ DEPENDENCIES
   vcr
   webmock
   yard
+  zeitwerk
 
 CHECKSUMS
   actionpack (8.1.2) sha256=ced74147a1f0daafaa4bab7f677513fd4d3add574c7839958f7b4f1de44f8423
@@ -483,7 +482,6 @@ CHECKSUMS
   rack-session (2.1.1) sha256=0b6dc07dea7e4b583f58a48e8b806d4c9f1c6c9214ebc202ec94562cbea2e4e9
   rack-test (2.2.0) sha256=005a36692c306ac0b4a9350355ee080fd09ddef1148a5f8b2ac636c720f5c463
   rack-timeout (0.7.0) sha256=757337e9793cca999bb73a61fe2a7d4280aa9eefbaf787ce3b98d860749c87d9
-  rack-unreloader (2.1.0) sha256=18879cf2ced8ca21a01836bca706f65cce6ebe3f7d9d8a5157ce68ca62c7263a
   rails-dom-testing (2.3.0) sha256=8acc7953a7b911ca44588bf08737bc16719f431a1cc3091a292bca7317925c1d
   rails-html-sanitizer (1.7.0) sha256=28b145cceaf9cc214a9874feaa183c3acba036c9592b19886e0e45efc62b1e89
   rainbow (3.1.1) sha256=039491aa3a89f42efa1d6dec2fc4e62ede96eb6acd95e52f1ad581182b79bc6a

app.rb

@@ -6,7 +6,9 @@
 require 'base64'
 
 require 'html2rss'
-Dir[File.join(__dir__, 'app/**/*.rb')].each { |file| require file }
+require_relative 'app/web/boot'
+
+Html2rss::Web::Boot.setup!(reloadable: ENV['RACK_ENV'] == 'development')
 
 module Html2rss
   module Web
@@ -85,6 +87,8 @@ def development? = self.class.development?
 
       plugin :json_parser
       plugin :public
+      plugin :head
+      plugin :not_allowed
       plugin :exception_page
       plugin :error_handler do |error|
         next exception_page(error) if development?

app/errors/exceptions.rb

@@ -1,8 +1,5 @@
 # frozen_string_literal: true
 
-require_relative '../config/local_config'
-require_relative 'security_logger'
-
 module Html2rss
   module Web
     ##

app/security/account_manager.rb app/web/account_manager.rbapp/security/account_manager.rb renamed to app/web/account_manager.rb

@@ -1,16 +1,14 @@
 # frozen_string_literal: true
 
-require_relative '../../errors/exceptions'
-
 module Html2rss
   module Web
     module Api
       module V1
         module Contract
           CODES = {
-            unauthorized: UnauthorizedError::CODE,
-            forbidden: ForbiddenError::CODE,
-            internal_server_error: InternalServerError::CODE
+            unauthorized: Html2rss::Web::UnauthorizedError::CODE,
+            forbidden: Html2rss::Web::ForbiddenError::CODE,
+            internal_server_error: Html2rss::Web::InternalServerError::CODE
           }.freeze
 
           MESSAGES = {

app/api/v1/contract.rb app/web/api/v1/contract.rbapp/api/v1/contract.rb renamed to app/web/api/v1/contract.rb

@@ -3,24 +3,16 @@
 require 'time'
 require 'json'
 
-require_relative '../../security/auth'
-require_relative '../../domain/auto_source'
-require_relative '../../errors/exceptions'
-require_relative '../../security/url_validator'
-require_relative '../../telemetry/observability'
-require_relative 'feed_metadata'
-require_relative 'response'
-
 module Html2rss
   module Web
     module Api
       module V1
         ##
         # Creates stable feed records from authenticated API requests.
-        module CreateFeed
+        module CreateFeed # rubocop:disable Metrics/ModuleLength
           FEED_ATTRIBUTE_KEYS =
             %i[id name url strategy feed_token public_url json_public_url created_at updated_at].freeze
-          class << self
+          class << self # rubocop:disable Metrics/ClassLength
             # Creates a feed and returns a normalized API success payload.
             #
             # @param request [Rack::Request] HTTP request with auth context.
@@ -41,14 +33,14 @@ def call(request)
 
             # @return [void]
             def ensure_auto_source_enabled!
-              raise ForbiddenError, Contract::MESSAGES[:auto_source_disabled] unless AutoSource.enabled?
+              raise Html2rss::Web::ForbiddenError, Contract::MESSAGES[:auto_source_disabled] unless AutoSource.enabled?
             end
 
             # @param request [Rack::Request]
             # @return [Hash]
             def require_account(request)
               account = Auth.authenticate(request)
-              raise UnauthorizedError, 'Authentication required' unless account
+              raise Html2rss::Web::UnauthorizedError, 'Authentication required' unless account
 
               account
             end
@@ -57,25 +49,35 @@ def require_account(request)
             # @param account [Hash]
             # @return [Html2rss::Web::Api::V1::FeedMetadata::CreateParams]
             def build_create_params(params, account)
-              url = params['url'].to_s.strip
-              raise BadRequestError, 'URL parameter is required' if url.empty?
-              raise BadRequestError, 'Invalid URL format' unless UrlValidator.valid_url?(url)
-              raise ForbiddenError, 'URL not allowed for this account' unless UrlValidator.url_allowed?(account, url)
-
+              url = validated_url(params['url'], account)
               FeedMetadata::CreateParams.new(
                 url: url,
                 name: FeedMetadata.site_title_for(url),
                 strategy: normalize_strategy(params['strategy'])
               )
             end
 
+            # @param raw_url [String, nil]
+            # @param account [Hash]
+            # @return [String]
+            def validated_url(raw_url, account)
+              url = raw_url.to_s.strip
+              raise Html2rss::Web::BadRequestError, 'URL parameter is required' if url.empty?
+              raise Html2rss::Web::BadRequestError, 'Invalid URL format' unless UrlValidator.valid_url?(url)
+              unless UrlValidator.url_allowed?(account, url)
+                raise Html2rss::Web::ForbiddenError, 'URL not allowed for this account'
+              end
+
+              url
+            end
+
             # @param raw_strategy [String, nil]
             # @return [String]
             def normalize_strategy(raw_strategy)
               strategy = raw_strategy.to_s.strip
               strategy = default_strategy if strategy.empty?
 
-              raise BadRequestError, 'Unsupported strategy' unless supported_strategies.include?(strategy)
+              raise Html2rss::Web::BadRequestError, 'Unsupported strategy' unless supported_strategy?(strategy)
 
               strategy
             end
@@ -85,6 +87,12 @@ def supported_strategies
               Html2rss::RequestService.strategy_names.map(&:to_s)
             end
 
+            # @param strategy [String]
+            # @return [Boolean]
+            def supported_strategy?(strategy)
+              supported_strategies.include?(strategy)
+            end
+
             # @return [String] default strategy identifier.
             def default_strategy
               Html2rss::RequestService.default_strategy_name.to_s
@@ -95,7 +103,6 @@ def default_strategy
             def feed_attributes(feed_data)
               timestamp = Time.now.iso8601
               typed_feed = feed_metadata(feed_data)
-
               typed_feed_attributes(typed_feed, timestamp).slice(*FEED_ATTRIBUTE_KEYS)
             end
 
@@ -109,11 +116,11 @@ def request_params(request)
               return request.params if raw_body.strip.empty?
 
               parsed = JSON.parse(raw_body)
-              raise BadRequestError, 'Invalid JSON payload' unless parsed.is_a?(Hash)
+              raise Html2rss::Web::BadRequestError, 'Invalid JSON payload' unless parsed.is_a?(Hash)
 
               request.params.merge(parsed)
             rescue JSON::ParserError
-              raise BadRequestError, 'Invalid JSON payload'
+              raise Html2rss::Web::BadRequestError, 'Invalid JSON payload'
             end
 
             # @param request [Rack::Request]
@@ -131,7 +138,7 @@ def build_feed_from_request(request)
               params = build_create_params(request_params(request), account)
 
               feed_data = AutoSource.create_stable_feed(params.name, params.url, account, params.strategy)
-              raise InternalServerError, 'Failed to create feed' unless feed_data
+              raise Html2rss::Web::InternalServerError, 'Failed to create feed' unless feed_data
 
               [params, feed_data]
             end

app/api/v1/create_feed.rb app/web/api/v1/create_feed.rbapp/api/v1/create_feed.rb renamed to app/web/api/v1/create_feed.rb

@@ -2,12 +2,6 @@
 
 require 'time'
 
-require_relative '../../security/auth'
-require_relative '../../errors/exceptions'
-require_relative '../../config/local_config'
-require_relative 'contract'
-require_relative 'response'
-
 module Html2rss
   module Web
     module Api
@@ -70,14 +64,14 @@ def authorize_health_check!(request)
               account = Auth.authenticate(request)
               return if account && account[:username] == 'health-check'
 
-              raise UnauthorizedError, 'Health check authentication required'
+              raise Html2rss::Web::UnauthorizedError, 'Health check authentication required'
             end
 
             # @return [void]
             def verify_configuration!
               LocalConfig.yaml
             rescue StandardError
-              raise InternalServerError, Contract::MESSAGES[:health_check_failed]
+              raise Html2rss::Web::InternalServerError, Contract::MESSAGES[:health_check_failed]
             end
           end
         end