pub fn classify_feed_privacy(url: &str) -> FeedPrivacyExpand description
Classify whether a feed URL carries a secret credential in the URL itself.
Returns FeedPrivacy::Private (with a reason) when the URL looks like it
embeds a token / key / auth credential, else FeedPrivacy::Public.
Design — provider-agnostic first. The primary defence is a generic credential-in-URL heuristic that catches paid feeds from any provider, not just the ones we’ve named; a secondary known-provider table adds precision (and a nicer reason) for the common paid newsletters and private podcasts. We deliberately bias toward flagging: a false-positive block of a public feed is low-harm (the user just can’t add that one feed yet), whereas a false negative would leak a paid secret onto the public network — high-harm.
Detection (any one is sufficient):
- Userinfo —
https://user:pass@host/…embeds credentials directly. - Known private-feed path markers — [
PRIVATE_PATH_MARKERS] (/feed/private/,/members/,/subscriber/, …). - Credential query parameters — a query key in [
SECRET_QUERY_KEYS] with a long/opaque value (Patreon?auth=, Ghost?uuid=,?token=, …). - High-entropy opaque token segments — a long opaque blob (hex ≥ 16, base64url ≥ 16, or a UUID) anywhere in the path or a query value, even without a telltale name.
- Known providers — [
KNOWN_PROVIDERS] host (+ optional marker) match.
An unparseable URL is treated as FeedPrivacy::Public: the add path rejects
a malformed URL downstream anyway, and we don’t want a parse quirk to
misclassify.