fix(websub): require feed existence for subscriptions, remove atom hub header, simplify router mounting

- Add KV feed existence check in hub.ts to prevent SSRF via non-existent feeds (returns 404)
- Treat empty string hub.secret as absent (|| instead of ??)
- Remove misleading hub Link header from atom.ts (hub only supports RSS topics)
- Simplify double-layered hub router in index.ts (direct app.route instead of nested Hono)
- Update hub.test.ts to seed KV with feed config for tests requiring valid subscribe/unsubscribe

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Julien Herr
2026-05-21 23:15:52 +02:00
parent 0d00e003d4
commit 68151cbb5f
4 changed files with 42 additions and 12 deletions
+1 -5
@@ -109,7 +109,6 @@ const atom = new Hono();
const entries = new Hono();
const files = new Hono();
const admin = new Hono();
const hub = new Hono();
// Webhook security middleware for /inbound - verify ForwardEmail.net IP
api.use("/inbound", async (c, next) => {
@@ -151,9 +150,6 @@ files.get("/:attachmentId/:filename", handleFiles);
// Admin routes (protected)
admin.route("/", handleAdmin);
// Hub (WebSub) routes
hub.route("/", hubRouter);
// Mount the route groups
app.route("/api", api);
app.route("/rss", rss);
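Review bot: the `// Hub (WebSub) routes` comment is dropped together with `hub.route("/", hubRouter);`, so the hub becomes the only route group in this block with no comment saying what it serves, while `// Admin routes (protected)` stays. Carry a one-line comment over to the `app.route("/hub", ...)` mount that names it as the WebSub hub and says whether it is meant to be reachable without authentication.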
@@ -161,7 +157,7 @@ app.route("/atom", atom);
app.route("/entries", entries);
app.route("/files", files);
app.route("/admin", admin);
app.route("/hub", hub);
app.route("/hub", hubRouter);
// Root path redirects to admin dashboard
app.get("/", (c) => c.redirect("/admin"));
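Review bot: at `app.route("/hub", hubRouter);` there is no longer a wrapper app in this file, so every check on hub requests has to live inside `hubRouter` itself; `/inbound` gets its IP verification from `api.use`, but nothing comparable is visible here for `/hub`. The commit message places the feed existence check in hub.ts, so it would help to have a test that sends a subscribe request for an unknown feed through the mounted `/hub` path and expects the 404, rather than testing the router only in isolation, so that a later change to the mounting cannot silently drop the check.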