Replace corsproxy.io with Vercel serverless proxies

- Add /api/yahoo-finance.js for stock quotes - Add /api/coingecko.js for crypto prices - Add /api/polymarket.js for prediction markets - Add /api/rss-proxy.js for RSS feeds (with domain allowlist) - Add /api/earthquakes.js for USGS data - Update feeds.ts to use direct URLs with RSS proxy - Simplify proxy.ts (no external CORS proxy needed) - Update earthquakes.ts and polymarket.ts to use new endpoints Eliminates dependency on unreliable third-party CORS proxy. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-04-25 17:14:57 +02:00 · 2026-01-11 07:34:57 +04:00
parent a46d98dae1
commit a928db67ab
10 changed files with 283 additions and 132 deletions
--- a/api/rss-proxy.js
+++ b/api/rss-proxy.js
@@ -0,0 +1,91 @@
+export const config = { runtime: 'edge' };
+
+// Allowed RSS feed domains for security
+const ALLOWED_DOMAINS = [
+  'feeds.bbci.co.uk',
+  'www.theguardian.com',
+  'feeds.npr.org',
+  'news.google.com',
+  'www.aljazeera.com',
+  'rss.cnn.com',
+  'hnrss.org',
+  'feeds.arstechnica.com',
+  'www.theverge.com',
+  'www.cnbc.com',
+  'feeds.marketwatch.com',
+  'www.defenseone.com',
+  'breakingdefense.com',
+  'www.bellingcat.com',
+  'techcrunch.com',
+  'huggingface.co',
+  'www.technologyreview.com',
+  'rss.arxiv.org',
+  'export.arxiv.org',
+  'www.federalreserve.gov',
+  'www.sec.gov',
+  'www.whitehouse.gov',
+  'www.state.gov',
+  'www.defense.gov',
+  'home.treasury.gov',
+  'www.justice.gov',
+  'tools.cdc.gov',
+  'www.fema.gov',
+  'www.dhs.gov',
+  'www.thedrive.com',
+  'krebsonsecurity.com',
+  'finance.yahoo.com',
+  'thediplomat.com',
+  'venturebeat.com',
+  'foreignpolicy.com',
+  'www.ft.com',
+  'openai.com',
+  'www.reutersagency.com',
+  'feeds.reuters.com',
+  'rsshub.app',
+];
+
+export default async function handler(req) {
+  const requestUrl = new URL(req.url);
+  const feedUrl = requestUrl.searchParams.get('url');
+
+  if (!feedUrl) {
+    return new Response(JSON.stringify({ error: 'Missing url parameter' }), {
+      status: 400,
+      headers: { 'Content-Type': 'application/json', 'Access-Control-Allow-Origin': '*' },
+    });
+  }
+
+  try {
+    const parsedUrl = new URL(feedUrl);
+
+    // Security: Check if domain is allowed
+    if (!ALLOWED_DOMAINS.includes(parsedUrl.hostname)) {
+      return new Response(JSON.stringify({ error: 'Domain not allowed' }), {
+        status: 403,
+        headers: { 'Content-Type': 'application/json', 'Access-Control-Allow-Origin': '*' },
+      });
+    }
+
+    const response = await fetch(feedUrl, {
+      headers: {
+        'User-Agent': 'Mozilla/5.0 (compatible; WorldMonitor/1.0)',
+        'Accept': 'application/rss+xml, application/xml, text/xml, */*',
+      },
+    });
+
+    const data = await response.text();
+    return new Response(data, {
+      status: response.status,
+      headers: {
+        'Content-Type': 'application/xml',
+        'Access-Control-Allow-Origin': '*',
+        'Cache-Control': 'public, max-age=300',
+      },
+    });
+  } catch (error) {
+    return new Response(JSON.stringify({ error: 'Failed to fetch feed' }), {
+      status: 500,
+      headers: { 'Content-Type': 'application/json', 'Access-Control-Allow-Origin': '*' },
+    });
+  }
+}