Remove obsolete specs for Html2rss::Web components including AutoSource, HealthCheck, HttpCache, LocalConfig, RackAttack, SecurityLogger, SsrfFilterStrategy, and XmlBuilder. These tests are no longer relevant to the current implementation.

Author: gildesmarais

CONFIGURATION.md

@@ -14,11 +14,11 @@
 
 ### Health Check Configuration
 
-| Variable             | Description        | Default     | Example                     |
-| -------------------- | ------------------ | ----------- | --------------------------- |
-| `HEALTH_CHECK_TOKEN` | Health check token | From config | `health-check-token-xyz789` |
+Health check authentication relies on the `health-check` account defined in `config/feeds.yml`. Expose the token via an environment variable and send it as a Bearer token when calling `/health_check.txt` or `/api/v1/health`.
 
-**Note:** Health check authentication now uses Bearer token authentication instead of username/password. The token is configured in `config/feeds.yml` under the `health-check` account.
+| Variable             | Description                                  | Default                     | Example                     |
+| -------------------- | -------------------------------------------- | --------------------------- | --------------------------- |
+| `HEALTH_CHECK_TOKEN` | Token forwarded to the container health check | `health-check-token-xyz789` | `health-check-token-xyz789` |
 
 ### Ruby Integration
 

Dockerfile

@@ -40,7 +40,8 @@ SHELL ["/bin/ash", "-o", "pipefail", "-c"]
 
 ENV PORT=3000 \
   RACK_ENV=production \
-  RUBY_YJIT_ENABLE=1
+  RUBY_YJIT_ENABLE=1 \
+  HEALTH_CHECK_TOKEN=health-check-token-xyz789
 
 EXPOSE $PORT
 

Makefile

@@ -48,8 +48,11 @@ test-frontend: ## Run frontend tests only
 test-frontend-unit: ## Run frontend unit tests only
 	@cd frontend && npm run test:unit
 
-test-frontend-integration: ## Run frontend integration tests only
-	@cd frontend && npm run test:integration
+test-frontend-contract: ## Run frontend contract tests only
+	@cd frontend && npm run test:contract
+
+test-frontend-smoke: ## Run frontend smoke tests (Playwright)
+	@cd frontend && npm run test:smoke
 
 lint: lint-ruby lint-js ## Run all linters (Ruby + Frontend) - errors when issues found
 	@echo "All linting complete!"

README.md

@@ -200,7 +200,10 @@ The project includes a modern Astro frontend alongside the Ruby backend:
 | `make dev-frontend`  | Start Astro dev server only           |
 | `make test`          | Run all tests (Ruby + Frontend)       |
 | `make test-ruby`     | Run Ruby tests only                   |
-| `make test-frontend` | Run frontend tests only               |
+| `make test-frontend` | Run frontend unit + contract tests    |
+| `make test-frontend-unit` | Run frontend unit tests only      |
+| `make test-frontend-contract` | Run frontend contract tests (Vitest + MSW) |
+| `make test-frontend-smoke` | Run frontend smoke tests (Playwright) |
 | `make lint`          | Run all linters (Ruby + Frontend)     |
 | `make lint-ruby`     | Run Ruby linter only                  |
 | `make lint-js`       | Run frontend linter only              |
@@ -216,6 +219,25 @@ The project includes a modern Astro frontend alongside the Ruby backend:
 | `cd frontend && npm install`   | Install frontend dependencies |
 | `cd frontend && npm run dev`   | Start frontend dev server     |
 | `cd frontend && npm run build` | Build frontend for production |
+| `cd frontend && npm run test:unit` | Run unit tests (Vitest) |
+| `cd frontend && npm run test:contract` | Run contract tests with MSW |
+| `cd frontend && npm run test:smoke` | Run Playwright smoke tests |
+
+### Testing Strategy
+
+| Layer            | Tooling                    | Notes |
+| ---------------- | -------------------------- | ----- |
+| Ruby API         | RSpec + Rack::Test         | Deterministic request specs for the Roda app |
+| Frontend Unit    | Vitest + Testing Library   | Hook/component behaviour with mocked fetch |
+| Frontend Contract| Vitest + MSW               | Exercises real fetch flows against mocked API responses |
+| Smoke            | Playwright                 | Minimal API smoke checks via the real Puma server |
+
+To execute Playwright smoke tests locally for the first time, install the required browsers:
+
+```bash
+cd frontend
+npx playwright install --with-deps
+```
 
 ## Contributing
 

Rakefile

@@ -40,8 +40,7 @@ task :test do
       '-d',
       '-p 3000:3000',
       '--env PUMA_LOG_CONFIG=1',
-      '--env HEALTH_CHECK_USERNAME=username',
-      '--env HEALTH_CHECK_PASSWORD=password',
+      '--env HEALTH_CHECK_TOKEN=health-check-token-xyz789',
       "--mount type=bind,source=#{current_dir}/config,target=/app/config",
       '--name html2rss-web-test',
       'gilcreator/html2rss-web'].join(' ')
@@ -57,8 +56,12 @@ task :test do
   Output.describe 'Generating example feed from feeds.yml'
   sh 'curl -f http://127.0.0.1:3000/example.rss || exit 1'
 
-  Output.describe 'Authenticated request to GET /health_check.txt'
-  sh 'docker exec html2rss-web-test curl -f http://username:password@127.0.0.1:3000/health_check.txt || exit 1'
+  Output.describe 'Health check endpoint'
+  sh <<~COMMAND
+    docker exec html2rss-web-test curl -f \
+      -H "Authorization: Bearer health-check-token-xyz789" \
+      http://127.0.0.1:3000/health_check.txt || exit 1
+  COMMAND
 
   # skipped as html2rss is used in development version
   # Output.describe 'Print output of `html2rss help`'

app.rb

@@ -176,7 +176,6 @@ def development? = self.class.development?
           # Skip static file requests
           next if feed_name.include?('.') && !feed_name.end_with?('.xml', '.rss')
 
-          # Route to feed generation without auth for backward compatibility
           handle_feed_generation(r, feed_name)
         end
         r.get 'health_check.txt' do
@@ -202,24 +201,48 @@ def handle_feed_generation(router, feed_name)
       def handle_health_check(router)
         router.response['Content-Type'] = 'text/plain'
 
-        health_response = Api::V1::Health.show(router)
-
-        raise 'unhealthy' unless health_response[:success] && health_response.dig(:data, :health, :status) == 'healthy'
+        verify_health_check_authorization!(router)
+        verify_health_status!
 
         'success'
+      rescue UnauthorizedError => error
+        router.response.status = 401
+        error.message
       rescue StandardError => error
         router.response.status = 500
 
         "health check error: #{error.message}"
       end
 
+      def verify_health_check_authorization!(router)
+        health_account = HealthCheck.find_health_check_account
+        account = Auth.authenticate(router)
+
+        return if authorized_health_check_account?(account, health_account)
+
+        raise UnauthorizedError, 'health check requires bearer token'
+      end
+
+      def authorized_health_check_account?(account, health_account)
+        account && health_account &&
+          account[:username] == health_account[:username] &&
+          account[:token] == health_account[:token]
+      end
+
+      def verify_health_status!
+        return if HealthCheck.run == 'success'
+
+        raise 'unhealthy'
+      end
+
       def fallback_html
         <<~HTML
           <!DOCTYPE html>
           <html>
             <head>
               <title>html2rss-web</title>
               <meta name="viewport" content="width=device-width,initial-scale=1">
+              <meta name="robots" content="noindex,nofollow">
             </head>
             <body>
               <h1>html2rss-web</h1>

app/api/v1/feeds.rb

@@ -16,18 +16,8 @@ module V1
         module Feeds
           module_function
 
-          def index(_request) # rubocop:disable Metrics/MethodLength
-            feeds = Html2rss::Web::Feeds.list_feeds.map do |feed|
-              {
-                id: feed[:name],
-                name: feed[:name],
-                description: feed[:description],
-                public_url: "/#{feed[:name]}",
-                created_at: nil,
-                updated_at: nil
-              }
-            end
-
+          def index(_request)
+            feeds = Html2rss::Web::Feeds.list_feeds
             { success: true, data: { feeds: feeds }, meta: { total: feeds.count } }
           end
 
@@ -131,6 +121,9 @@ def build_create_response(request, feed_data)
               updated_at: Time.now.iso8601
             } }, meta: { created: true } }
           end
+          module_function :extract_create_params, :validate_create_params, :build_create_response, :authenticate_request
+          private_class_method :extract_create_params, :validate_create_params, :build_create_response,
+                               :authenticate_request
         end
       end
     end

app/feeds.rb

@@ -4,7 +4,6 @@
 
 require_relative 'auth'
 require_relative 'local_config'
-require_relative 'xml_builder'
 
 module Html2rss
   module Web
@@ -16,26 +15,20 @@ module Feeds
       def list_feeds
         LocalConfig.feed_names.map do |name|
           {
-            name: name,
-            url: "/api/#{name}",
-            description: "RSS feed for #{name}"
+            id: name.to_s,
+            name: name.to_s,
+            description: "RSS feed for #{name}",
+            public_url: "/#{name}"
           }
         end
       end
 
       def generate_feed(feed_name, params = {})
         config = LocalConfig.find(feed_name)
-
         config[:params] = (config[:params] || {}).merge(params) if params.any?
-
         config[:strategy] ||= Html2rss::RequestService.default_strategy_name
-
         Html2rss.feed(config)
       end
-
-      def error_feed(message)
-        XmlBuilder.build_error_feed(message: message)
-      end
     end
   end
 end