mirror of
https://github.com/juherr/kill-the-news.git
synced 2026-06-21 06:13:48 +00:00
refactor: tighten DDD boundaries on the Feed aggregate
Address five modeling tensions in one pass: - Encapsulation: the Feed aggregate no longer exposes raw config/metadata (a shallow Readonly still leaked mutable arrays). It now offers intention-revealing accessors that return copies, plus toConfigSnapshot/toMetadataSnapshot for the repository and summary() for the global registry. - feeds:list consistency: FeedRepository.save/saveConfig upsert the registry entry from feed.summary(), so services no longer mirror title/description/ expiry by hand (the old add/updateInList footgun is gone). - domain/feed.ts: drop the dead applySenderPolicy, internalise resolveExpiresAt and trimToByteBudget into the aggregate; feed.ts keeps only the shared isExpired predicate used by the read-model routes. - Single edit path: remove editDetails; edit(patch, deps) is the sole config mutation, with a systematic expired guard. Renaming an expired feed now 403s. - FeedId flows through the application and infrastructure signatures; fromTrusted/parse happen once at the edge, .value only at the serialisation boundaries (urls, feed-generator, feed-keys, logs, JSON). 347 tests green, tsc clean, Worker bundle builds. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Julien Herr
+9
-66
@@ -1,37 +1,14 @@
|
||||
import { FeedConfig, FeedMetadata, EmailMetadata } from "../types";
|
||||
import { SenderPolicy, SenderDecision } from "./value-objects/sender-policy";
|
||||
|
||||
const HOUR_MS = 3_600_000;
|
||||
|
||||
export type { SenderDecision };
|
||||
import { FeedConfig } from "../types";
|
||||
|
||||
/**
|
||||
* The Feed aggregate's invariants, in one framework-agnostic place: expiry,
|
||||
* sender allow/block policy, and the email-size budget. No I/O and no ambient
|
||||
* time or environment — callers pass `now` (from a Clock) and a resolved
|
||||
* lifetime; persistence goes through the FeedRepository.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Resolve a feed's `expires_at` from an already-resolved lifetime (hours) and a
|
||||
* current instant. Returns undefined when no positive lifetime applies (i.e. the
|
||||
* feed never expires). The policy decision of *which* lifetime applies (a client
|
||||
* request vs. a server-side `FEED_TTL_HOURS` override, and parsing the env
|
||||
* string) belongs to the application layer, not here.
|
||||
*/
|
||||
export function resolveExpiresAt(
|
||||
ttlHours: number | undefined,
|
||||
now: number,
|
||||
): number | undefined {
|
||||
return ttlHours !== undefined && Number.isFinite(ttlHours) && ttlHours > 0
|
||||
? now + ttlHours * HOUR_MS
|
||||
: undefined;
|
||||
}
|
||||
|
||||
/**
|
||||
* Whether a feed has reached its expiry instant. `now` defaults to the wall
|
||||
* clock for convenience at the HTTP edge (routes); the aggregate always passes
|
||||
* its injected clock so its own behaviour stays deterministic.
|
||||
* The expiry predicate, shared between the Feed aggregate and the read-model
|
||||
* routes (rss/atom/entries) that render from a config snapshot without loading
|
||||
* the aggregate. This is the *only* feed invariant that lives outside the
|
||||
* aggregate, precisely because the hot read path bypasses it.
|
||||
*
|
||||
* `now` defaults to the wall clock for convenience at the HTTP edge; the
|
||||
* aggregate always passes its injected clock so its own behaviour stays
|
||||
* deterministic.
|
||||
*/
|
||||
export function isExpired(
|
||||
config: Pick<FeedConfig, "expires_at">,
|
||||
@@ -39,37 +16,3 @@ export function isExpired(
|
||||
): boolean {
|
||||
return config.expires_at !== undefined && config.expires_at <= now;
|
||||
}
|
||||
|
||||
/**
|
||||
* Decide whether an inbound email is accepted, given the feed's sender lists and
|
||||
* the message's candidate sender addresses. Thin wrapper over the `SenderPolicy`
|
||||
* value object (which holds the matching semantics).
|
||||
*/
|
||||
export function applySenderPolicy(
|
||||
config: Pick<FeedConfig, "allowed_senders" | "blocked_senders">,
|
||||
senders: string[],
|
||||
): SenderDecision {
|
||||
return SenderPolicy.fromLists(
|
||||
config.allowed_senders,
|
||||
config.blocked_senders,
|
||||
).decide(senders);
|
||||
}
|
||||
|
||||
/**
|
||||
* Enforce the per-feed byte budget by dropping the oldest emails (mutating
|
||||
* `metadata.emails`) until the total fits, always keeping at least one entry.
|
||||
* Returns the dropped entries so the caller can purge their KV/R2 storage.
|
||||
*/
|
||||
export function trimToByteBudget(
|
||||
metadata: FeedMetadata,
|
||||
maxBytes: number,
|
||||
): { dropped: EmailMetadata[] } {
|
||||
let totalSize = metadata.emails.reduce((sum, e) => sum + (e.size ?? 0), 0);
|
||||
const dropped: EmailMetadata[] = [];
|
||||
while (totalSize > maxBytes && metadata.emails.length > 1) {
|
||||
const entry = metadata.emails.pop()!;
|
||||
totalSize -= entry.size ?? 0;
|
||||
dropped.push(entry);
|
||||
}
|
||||
return { dropped };
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user