Move internal packages to an internal folder

For reference: https://go.dev/doc/go1.4#internalpackages

internal/http/response/builder.go

@@ -0,0 +1,143 @@
+// SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package response // import "miniflux.app/v2/internal/http/response"
+
+import (
+	"compress/flate"
+	"compress/gzip"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"time"
+
+	"miniflux.app/v2/internal/logger"
+)
+
+const compressionThreshold = 1024
+
+// Builder generates HTTP responses.
+type Builder struct {
+	w                 http.ResponseWriter
+	r                 *http.Request
+	statusCode        int
+	headers           map[string]string
+	enableCompression bool
+	body              interface{}
+}
+
+// WithStatus uses the given status code to build the response.
+func (b *Builder) WithStatus(statusCode int) *Builder {
+	b.statusCode = statusCode
+	return b
+}
+
+// WithHeader adds the given HTTP header to the response.
+func (b *Builder) WithHeader(key, value string) *Builder {
+	b.headers[key] = value
+	return b
+}
+
+// WithBody uses the given body to build the response.
+func (b *Builder) WithBody(body interface{}) *Builder {
+	b.body = body
+	return b
+}
+
+// WithAttachment forces the document to be downloaded by the web browser.
+func (b *Builder) WithAttachment(filename string) *Builder {
+	b.headers["Content-Disposition"] = fmt.Sprintf("attachment; filename=%s", filename)
+	return b
+}
+
+// WithoutCompression disables HTTP compression.
+func (b *Builder) WithoutCompression() *Builder {
+	b.enableCompression = false
+	return b
+}
+
+// WithCaching adds caching headers to the response.
+func (b *Builder) WithCaching(etag string, duration time.Duration, callback func(*Builder)) {
+	b.headers["ETag"] = etag
+	b.headers["Cache-Control"] = "public"
+	b.headers["Expires"] = time.Now().Add(duration).Format(time.RFC1123)
+
+	if etag == b.r.Header.Get("If-None-Match") {
+		b.statusCode = http.StatusNotModified
+		b.body = nil
+		b.Write()
+	} else {
+		callback(b)
+	}
+}
+
+// Write generates the HTTP response.
+func (b *Builder) Write() {
+	if b.body == nil {
+		b.writeHeaders()
+		return
+	}
+
+	switch v := b.body.(type) {
+	case []byte:
+		b.compress(v)
+	case string:
+		b.compress([]byte(v))
+	case error:
+		b.compress([]byte(v.Error()))
+	case io.Reader:
+		// Compression not implemented in this case
+		b.writeHeaders()
+		_, err := io.Copy(b.w, v)
+		if err != nil {
+			logger.Error("%v", err)
+		}
+	}
+}
+
+func (b *Builder) writeHeaders() {
+	b.headers["X-XSS-Protection"] = "1; mode=block"
+	b.headers["X-Content-Type-Options"] = "nosniff"
+	b.headers["X-Frame-Options"] = "DENY"
+	b.headers["Referrer-Policy"] = "no-referrer"
+
+	for key, value := range b.headers {
+		b.w.Header().Set(key, value)
+	}
+
+	b.w.WriteHeader(b.statusCode)
+}
+
+func (b *Builder) compress(data []byte) {
+	if b.enableCompression && len(data) > compressionThreshold {
+		acceptEncoding := b.r.Header.Get("Accept-Encoding")
+
+		switch {
+		case strings.Contains(acceptEncoding, "gzip"):
+			b.headers["Content-Encoding"] = "gzip"
+			b.writeHeaders()
+
+			gzipWriter := gzip.NewWriter(b.w)
+			defer gzipWriter.Close()
+			gzipWriter.Write(data)
+			return
+		case strings.Contains(acceptEncoding, "deflate"):
+			b.headers["Content-Encoding"] = "deflate"
+			b.writeHeaders()
+
+			flateWriter, _ := flate.NewWriter(b.w, -1)
+			defer flateWriter.Close()
+			flateWriter.Write(data)
+			return
+		}
+	}
+
+	b.writeHeaders()
+	b.w.Write(data)
+}
+
+// New creates a new response builder.
+func New(w http.ResponseWriter, r *http.Request) *Builder {
+	return &Builder{w: w, r: r, statusCode: http.StatusOK, headers: make(map[string]string), enableCompression: true}
+}

internal/http/response/builder_test.go

@@ -0,0 +1,349 @@
+// SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package response // import "miniflux.app/v2/internal/http/response"
+
+import (
+	"errors"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+	"time"
+)
+
+func TestResponseHasCommonHeaders(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		New(w, r).Write()
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	headers := map[string]string{
+		"X-XSS-Protection":       "1; mode=block",
+		"X-Content-Type-Options": "nosniff",
+		"X-Frame-Options":        "DENY",
+	}
+
+	for header, expected := range headers {
+		actual := resp.Header.Get(header)
+		if actual != expected {
+			t.Fatalf(`Unexpected header value, got %q instead of %q`, actual, expected)
+		}
+	}
+}
+
+func TestBuildResponseWithCustomStatusCode(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		New(w, r).WithStatus(http.StatusNotAcceptable).Write()
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expectedStatusCode := http.StatusNotAcceptable
+	if resp.StatusCode != expectedStatusCode {
+		t.Fatalf(`Unexpected status code, got %d instead of %d`, resp.StatusCode, expectedStatusCode)
+	}
+}
+
+func TestBuildResponseWithCustomHeader(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		New(w, r).WithHeader("X-My-Header", "Value").Write()
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expected := "Value"
+	actual := resp.Header.Get("X-My-Header")
+	if actual != expected {
+		t.Fatalf(`Unexpected header value, got %q instead of %q`, actual, expected)
+	}
+}
+
+func TestBuildResponseWithAttachment(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		New(w, r).WithAttachment("my_file.pdf").Write()
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expected := "attachment; filename=my_file.pdf"
+	actual := resp.Header.Get("Content-Disposition")
+	if actual != expected {
+		t.Fatalf(`Unexpected header value, got %q instead of %q`, actual, expected)
+	}
+}
+
+func TestBuildResponseWithError(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		New(w, r).WithBody(errors.New("Some error")).Write()
+	})
+
+	handler.ServeHTTP(w, r)
+
+	expectedBody := `Some error`
+	actualBody := w.Body.String()
+	if actualBody != expectedBody {
+		t.Fatalf(`Unexpected body, got %s instead of %s`, actualBody, expectedBody)
+	}
+}
+
+func TestBuildResponseWithByteBody(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		New(w, r).WithBody([]byte("body")).Write()
+	})
+
+	handler.ServeHTTP(w, r)
+
+	expectedBody := `body`
+	actualBody := w.Body.String()
+	if actualBody != expectedBody {
+		t.Fatalf(`Unexpected body, got %s instead of %s`, actualBody, expectedBody)
+	}
+}
+
+func TestBuildResponseWithCachingEnabled(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		New(w, r).WithCaching("etag", 1*time.Minute, func(b *Builder) {
+			b.WithBody("cached body")
+			b.Write()
+		})
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expectedStatusCode := http.StatusOK
+	if resp.StatusCode != expectedStatusCode {
+		t.Fatalf(`Unexpected status code, got %d instead of %d`, resp.StatusCode, expectedStatusCode)
+	}
+
+	expectedBody := `cached body`
+	actualBody := w.Body.String()
+	if actualBody != expectedBody {
+		t.Fatalf(`Unexpected body, got %s instead of %s`, actualBody, expectedBody)
+	}
+
+	expectedHeader := "public"
+	actualHeader := resp.Header.Get("Cache-Control")
+	if actualHeader != expectedHeader {
+		t.Fatalf(`Unexpected cache control header, got %q instead of %q`, actualHeader, expectedHeader)
+	}
+
+	if resp.Header.Get("Expires") == "" {
+		t.Fatalf(`Expires header should not be empty`)
+	}
+}
+
+func TestBuildResponseWithCachingAndEtag(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	r.Header.Set("If-None-Match", "etag")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		New(w, r).WithCaching("etag", 1*time.Minute, func(b *Builder) {
+			b.WithBody("cached body")
+			b.Write()
+		})
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expectedStatusCode := http.StatusNotModified
+	if resp.StatusCode != expectedStatusCode {
+		t.Fatalf(`Unexpected status code, got %d instead of %d`, resp.StatusCode, expectedStatusCode)
+	}
+
+	expectedBody := ``
+	actualBody := w.Body.String()
+	if actualBody != expectedBody {
+		t.Fatalf(`Unexpected body, got %s instead of %s`, actualBody, expectedBody)
+	}
+
+	expectedHeader := "public"
+	actualHeader := resp.Header.Get("Cache-Control")
+	if actualHeader != expectedHeader {
+		t.Fatalf(`Unexpected cache control header, got %q instead of %q`, actualHeader, expectedHeader)
+	}
+
+	if resp.Header.Get("Expires") == "" {
+		t.Fatalf(`Expires header should not be empty`)
+	}
+}
+
+func TestBuildResponseWithGzipCompression(t *testing.T) {
+	body := strings.Repeat("a", compressionThreshold+1)
+	r, err := http.NewRequest("GET", "/", nil)
+	r.Header.Set("Accept-Encoding", "gzip, deflate, br")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		New(w, r).WithBody(body).Write()
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expected := "gzip"
+	actual := resp.Header.Get("Content-Encoding")
+	if actual != expected {
+		t.Fatalf(`Unexpected header value, got %q instead of %q`, actual, expected)
+	}
+}
+
+func TestBuildResponseWithDeflateCompression(t *testing.T) {
+	body := strings.Repeat("a", compressionThreshold+1)
+	r, err := http.NewRequest("GET", "/", nil)
+	r.Header.Set("Accept-Encoding", "deflate")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		New(w, r).WithBody(body).Write()
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expected := "deflate"
+	actual := resp.Header.Get("Content-Encoding")
+	if actual != expected {
+		t.Fatalf(`Unexpected header value, got %q instead of %q`, actual, expected)
+	}
+}
+
+func TestBuildResponseWithCompressionDisabled(t *testing.T) {
+	body := strings.Repeat("a", compressionThreshold+1)
+	r, err := http.NewRequest("GET", "/", nil)
+	r.Header.Set("Accept-Encoding", "deflate")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		New(w, r).WithBody(body).WithoutCompression().Write()
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expected := ""
+	actual := resp.Header.Get("Content-Encoding")
+	if actual != expected {
+		t.Fatalf(`Unexpected header value, got %q instead of %q`, actual, expected)
+	}
+}
+
+func TestBuildResponseWithDeflateCompressionAndSmallPayload(t *testing.T) {
+	body := strings.Repeat("a", compressionThreshold)
+	r, err := http.NewRequest("GET", "/", nil)
+	r.Header.Set("Accept-Encoding", "deflate")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		New(w, r).WithBody(body).Write()
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expected := ""
+	actual := resp.Header.Get("Content-Encoding")
+	if actual != expected {
+		t.Fatalf(`Unexpected header value, got %q instead of %q`, actual, expected)
+	}
+}
+
+func TestBuildResponseWithoutCompressionHeader(t *testing.T) {
+	body := strings.Repeat("a", compressionThreshold+1)
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		New(w, r).WithBody(body).Write()
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expected := ""
+	actual := resp.Header.Get("Content-Encoding")
+	if actual != expected {
+		t.Fatalf(`Unexpected header value, got %q instead of %q`, actual, expected)
+	}
+}

internal/http/response/html/html.go

@@ -0,0 +1,88 @@
+// SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package html // import "miniflux.app/v2/internal/http/response/html"
+
+import (
+	"net/http"
+
+	"miniflux.app/v2/internal/http/response"
+	"miniflux.app/v2/internal/logger"
+)
+
+// OK creates a new HTML response with a 200 status code.
+func OK(w http.ResponseWriter, r *http.Request, body interface{}) {
+	builder := response.New(w, r)
+	builder.WithHeader("Content-Type", "text/html; charset=utf-8")
+	builder.WithHeader("Cache-Control", "no-cache, max-age=0, must-revalidate, no-store")
+	builder.WithBody(body)
+	builder.Write()
+}
+
+// ServerError sends an internal error to the client.
+func ServerError(w http.ResponseWriter, r *http.Request, err error) {
+	logger.Error("[HTTP:Internal Server Error] %s => %v", r.URL, err)
+
+	builder := response.New(w, r)
+	builder.WithStatus(http.StatusInternalServerError)
+	builder.WithHeader("Content-Security-Policy", `default-src 'self'`)
+	builder.WithHeader("Content-Type", "text/html; charset=utf-8")
+	builder.WithHeader("Cache-Control", "no-cache, max-age=0, must-revalidate, no-store")
+	builder.WithBody(err)
+	builder.Write()
+}
+
+// BadRequest sends a bad request error to the client.
+func BadRequest(w http.ResponseWriter, r *http.Request, err error) {
+	logger.Error("[HTTP:Bad Request] %s => %v", r.URL, err)
+
+	builder := response.New(w, r)
+	builder.WithStatus(http.StatusBadRequest)
+	builder.WithHeader("Content-Security-Policy", `default-src 'self'`)
+	builder.WithHeader("Content-Type", "text/html; charset=utf-8")
+	builder.WithHeader("Cache-Control", "no-cache, max-age=0, must-revalidate, no-store")
+	builder.WithBody(err)
+	builder.Write()
+}
+
+// Forbidden sends a forbidden error to the client.
+func Forbidden(w http.ResponseWriter, r *http.Request) {
+	logger.Error("[HTTP:Forbidden] %s", r.URL)
+
+	builder := response.New(w, r)
+	builder.WithStatus(http.StatusForbidden)
+	builder.WithHeader("Content-Type", "text/html; charset=utf-8")
+	builder.WithHeader("Cache-Control", "no-cache, max-age=0, must-revalidate, no-store")
+	builder.WithBody("Access Forbidden")
+	builder.Write()
+}
+
+// NotFound sends a page not found error to the client.
+func NotFound(w http.ResponseWriter, r *http.Request) {
+	logger.Error("[HTTP:Not Found] %s", r.URL)
+
+	builder := response.New(w, r)
+	builder.WithStatus(http.StatusNotFound)
+	builder.WithHeader("Content-Type", "text/html; charset=utf-8")
+	builder.WithHeader("Cache-Control", "no-cache, max-age=0, must-revalidate, no-store")
+	builder.WithBody("Page Not Found")
+	builder.Write()
+}
+
+// Redirect redirects the user to another location.
+func Redirect(w http.ResponseWriter, r *http.Request, uri string) {
+	http.Redirect(w, r, uri, http.StatusFound)
+}
+
+// RequestedRangeNotSatisfiable sends a range not satisfiable error to the client.
+func RequestedRangeNotSatisfiable(w http.ResponseWriter, r *http.Request, contentRange string) {
+	logger.Error("[HTTP:Range Not Satisfiable] %s", r.URL)
+
+	builder := response.New(w, r)
+	builder.WithStatus(http.StatusRequestedRangeNotSatisfiable)
+	builder.WithHeader("Content-Type", "text/html; charset=utf-8")
+	builder.WithHeader("Cache-Control", "no-cache, max-age=0, must-revalidate, no-store")
+	builder.WithHeader("Content-Range", contentRange)
+	builder.WithBody("Range Not Satisfiable")
+	builder.Write()
+}

internal/http/response/html/html_test.go

@@ -0,0 +1,240 @@
+// SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package html // import "miniflux.app/v2/internal/http/response/html"
+
+import (
+	"errors"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestOKResponse(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		OK(w, r, "Some HTML")
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expectedStatusCode := http.StatusOK
+	if resp.StatusCode != expectedStatusCode {
+		t.Fatalf(`Unexpected status code, got %d instead of %d`, resp.StatusCode, expectedStatusCode)
+	}
+
+	expectedBody := `Some HTML`
+	actualBody := w.Body.String()
+	if actualBody != expectedBody {
+		t.Fatalf(`Unexpected body, got %s instead of %s`, actualBody, expectedBody)
+	}
+
+	headers := map[string]string{
+		"Content-Type":  "text/html; charset=utf-8",
+		"Cache-Control": "no-cache, max-age=0, must-revalidate, no-store",
+	}
+
+	for header, expected := range headers {
+		actual := resp.Header.Get(header)
+		if actual != expected {
+			t.Fatalf(`Unexpected header value, got %q instead of %q`, actual, expected)
+		}
+	}
+}
+
+func TestServerErrorResponse(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		ServerError(w, r, errors.New("Some error"))
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expectedStatusCode := http.StatusInternalServerError
+	if resp.StatusCode != expectedStatusCode {
+		t.Fatalf(`Unexpected status code, got %d instead of %d`, resp.StatusCode, expectedStatusCode)
+	}
+
+	expectedBody := `Some error`
+	actualBody := w.Body.String()
+	if actualBody != expectedBody {
+		t.Fatalf(`Unexpected body, got %s instead of %s`, actualBody, expectedBody)
+	}
+
+	expectedContentType := "text/html; charset=utf-8"
+	actualContentType := resp.Header.Get("Content-Type")
+	if actualContentType != expectedContentType {
+		t.Fatalf(`Unexpected content type, got %q instead of %q`, actualContentType, expectedContentType)
+	}
+}
+
+func TestBadRequestResponse(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		BadRequest(w, r, errors.New("Some error"))
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expectedStatusCode := http.StatusBadRequest
+	if resp.StatusCode != expectedStatusCode {
+		t.Fatalf(`Unexpected status code, got %d instead of %d`, resp.StatusCode, expectedStatusCode)
+	}
+
+	expectedBody := `Some error`
+	actualBody := w.Body.String()
+	if actualBody != expectedBody {
+		t.Fatalf(`Unexpected body, got %s instead of %s`, actualBody, expectedBody)
+	}
+
+	expectedContentType := "text/html; charset=utf-8"
+	actualContentType := resp.Header.Get("Content-Type")
+	if actualContentType != expectedContentType {
+		t.Fatalf(`Unexpected content type, got %q instead of %q`, actualContentType, expectedContentType)
+	}
+}
+
+func TestForbiddenResponse(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		Forbidden(w, r)
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expectedStatusCode := http.StatusForbidden
+	if resp.StatusCode != expectedStatusCode {
+		t.Fatalf(`Unexpected status code, got %d instead of %d`, resp.StatusCode, expectedStatusCode)
+	}
+
+	expectedBody := `Access Forbidden`
+	actualBody := w.Body.String()
+	if actualBody != expectedBody {
+		t.Fatalf(`Unexpected body, got %s instead of %s`, actualBody, expectedBody)
+	}
+
+	expectedContentType := "text/html; charset=utf-8"
+	actualContentType := resp.Header.Get("Content-Type")
+	if actualContentType != expectedContentType {
+		t.Fatalf(`Unexpected content type, got %q instead of %q`, actualContentType, expectedContentType)
+	}
+}
+
+func TestNotFoundResponse(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		NotFound(w, r)
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expectedStatusCode := http.StatusNotFound
+	if resp.StatusCode != expectedStatusCode {
+		t.Fatalf(`Unexpected status code, got %d instead of %d`, resp.StatusCode, expectedStatusCode)
+	}
+
+	expectedBody := `Page Not Found`
+	actualBody := w.Body.String()
+	if actualBody != expectedBody {
+		t.Fatalf(`Unexpected body, got %s instead of %s`, actualBody, expectedBody)
+	}
+
+	expectedContentType := "text/html; charset=utf-8"
+	actualContentType := resp.Header.Get("Content-Type")
+	if actualContentType != expectedContentType {
+		t.Fatalf(`Unexpected content type, got %q instead of %q`, actualContentType, expectedContentType)
+	}
+}
+
+func TestRedirectResponse(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		Redirect(w, r, "/path")
+	})
+
+	handler.ServeHTTP(w, r)
+
+	resp := w.Result()
+	defer resp.Body.Close()
+
+	expectedStatusCode := http.StatusFound
+	if resp.StatusCode != expectedStatusCode {
+		t.Fatalf(`Unexpected status code, got %d instead of %d`, resp.StatusCode, expectedStatusCode)
+	}
+
+	expectedResult := "/path"
+	actualResult := resp.Header.Get("Location")
+	if actualResult != expectedResult {
+		t.Fatalf(`Unexpected redirect location, got %q instead of %q`, actualResult, expectedResult)
+	}
+}
+
+func TestRequestedRangeNotSatisfiable(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		RequestedRangeNotSatisfiable(w, r, "bytes */12777")
+	})
+
+	handler.ServeHTTP(w, r)
+
+	resp := w.Result()
+	defer resp.Body.Close()
+
+	expectedStatusCode := http.StatusRequestedRangeNotSatisfiable
+	if resp.StatusCode != expectedStatusCode {
+		t.Fatalf(`Unexpected status code, got %d instead of %d`, resp.StatusCode, expectedStatusCode)
+	}
+
+	expectedContentRangeHeader := "bytes */12777"
+	actualContentRangeHeader := resp.Header.Get("Content-Range")
+	if actualContentRangeHeader != expectedContentRangeHeader {
+		t.Fatalf(`Unexpected content range header, got %q instead of %q`, actualContentRangeHeader, expectedContentRangeHeader)
+	}
+}

internal/http/response/json/json.go

@@ -0,0 +1,120 @@
+// SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package json // import "miniflux.app/v2/internal/http/response/json"
+
+import (
+	"encoding/json"
+	"errors"
+	"net/http"
+
+	"miniflux.app/v2/internal/http/response"
+	"miniflux.app/v2/internal/logger"
+)
+
+const contentTypeHeader = `application/json`
+
+// OK creates a new JSON response with a 200 status code.
+func OK(w http.ResponseWriter, r *http.Request, body interface{}) {
+	builder := response.New(w, r)
+	builder.WithHeader("Content-Type", contentTypeHeader)
+	builder.WithBody(toJSON(body))
+	builder.Write()
+}
+
+// Created sends a created response to the client.
+func Created(w http.ResponseWriter, r *http.Request, body interface{}) {
+	builder := response.New(w, r)
+	builder.WithStatus(http.StatusCreated)
+	builder.WithHeader("Content-Type", contentTypeHeader)
+	builder.WithBody(toJSON(body))
+	builder.Write()
+}
+
+// NoContent sends a no content response to the client.
+func NoContent(w http.ResponseWriter, r *http.Request) {
+	builder := response.New(w, r)
+	builder.WithStatus(http.StatusNoContent)
+	builder.WithHeader("Content-Type", contentTypeHeader)
+	builder.Write()
+}
+
+func Accepted(w http.ResponseWriter, r *http.Request) {
+	builder := response.New(w, r)
+	builder.WithStatus(http.StatusAccepted)
+	builder.WithHeader("Content-Type", contentTypeHeader)
+	builder.Write()
+}
+
+// ServerError sends an internal error to the client.
+func ServerError(w http.ResponseWriter, r *http.Request, err error) {
+	logger.Error("[HTTP:Internal Server Error] %s => %v", r.URL, err)
+
+	builder := response.New(w, r)
+	builder.WithStatus(http.StatusInternalServerError)
+	builder.WithHeader("Content-Type", contentTypeHeader)
+	builder.WithBody(toJSONError(err))
+	builder.Write()
+}
+
+// BadRequest sends a bad request error to the client.
+func BadRequest(w http.ResponseWriter, r *http.Request, err error) {
+	logger.Error("[HTTP:Bad Request] %s => %v", r.URL, err)
+
+	builder := response.New(w, r)
+	builder.WithStatus(http.StatusBadRequest)
+	builder.WithHeader("Content-Type", contentTypeHeader)
+	builder.WithBody(toJSONError(err))
+	builder.Write()
+}
+
+// Unauthorized sends a not authorized error to the client.
+func Unauthorized(w http.ResponseWriter, r *http.Request) {
+	logger.Error("[HTTP:Unauthorized] %s", r.URL)
+
+	builder := response.New(w, r)
+	builder.WithStatus(http.StatusUnauthorized)
+	builder.WithHeader("Content-Type", contentTypeHeader)
+	builder.WithBody(toJSONError(errors.New("access unauthorized")))
+	builder.Write()
+}
+
+// Forbidden sends a forbidden error to the client.
+func Forbidden(w http.ResponseWriter, r *http.Request) {
+	logger.Error("[HTTP:Forbidden] %s", r.URL)
+
+	builder := response.New(w, r)
+	builder.WithStatus(http.StatusForbidden)
+	builder.WithHeader("Content-Type", contentTypeHeader)
+	builder.WithBody(toJSONError(errors.New("access forbidden")))
+	builder.Write()
+}
+
+// NotFound sends a page not found error to the client.
+func NotFound(w http.ResponseWriter, r *http.Request) {
+	logger.Error("[HTTP:Not Found] %s", r.URL)
+
+	builder := response.New(w, r)
+	builder.WithStatus(http.StatusNotFound)
+	builder.WithHeader("Content-Type", contentTypeHeader)
+	builder.WithBody(toJSONError(errors.New("resource not found")))
+	builder.Write()
+}
+
+func toJSONError(err error) []byte {
+	type errorMsg struct {
+		ErrorMessage string `json:"error_message"`
+	}
+
+	return toJSON(errorMsg{ErrorMessage: err.Error()})
+}
+
+func toJSON(v interface{}) []byte {
+	b, err := json.Marshal(v)
+	if err != nil {
+		logger.Error("[HTTP:JSON] %v", err)
+		return []byte("")
+	}
+
+	return b
+}

internal/http/response/json/json_test.go

@@ -0,0 +1,312 @@
+// SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package json // import "miniflux.app/v2/internal/http/response/json"
+
+import (
+	"errors"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestOKResponse(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		OK(w, r, map[string]string{"key": "value"})
+	})
+
+	handler.ServeHTTP(w, r)
+
+	resp := w.Result()
+	defer resp.Body.Close()
+
+	expectedStatusCode := http.StatusOK
+	if resp.StatusCode != expectedStatusCode {
+		t.Fatalf(`Unexpected status code, got %d instead of %d`, resp.StatusCode, expectedStatusCode)
+	}
+
+	expectedBody := `{"key":"value"}`
+	actualBody := w.Body.String()
+	if actualBody != expectedBody {
+		t.Fatalf(`Unexpected body, got %q instead of %q`, actualBody, expectedBody)
+	}
+
+	expectedContentType := contentTypeHeader
+	actualContentType := resp.Header.Get("Content-Type")
+	if actualContentType != expectedContentType {
+		t.Fatalf(`Unexpected content type, got %q instead of %q`, actualContentType, expectedContentType)
+	}
+}
+
+func TestCreatedResponse(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		Created(w, r, map[string]string{"key": "value"})
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expectedStatusCode := http.StatusCreated
+	if resp.StatusCode != expectedStatusCode {
+		t.Fatalf(`Unexpected status code, got %d instead of %d`, resp.StatusCode, expectedStatusCode)
+	}
+
+	expectedBody := `{"key":"value"}`
+	actualBody := w.Body.String()
+	if actualBody != expectedBody {
+		t.Fatalf(`Unexpected body, got %s instead of %s`, actualBody, expectedBody)
+	}
+
+	expectedContentType := contentTypeHeader
+	actualContentType := resp.Header.Get("Content-Type")
+	if actualContentType != expectedContentType {
+		t.Fatalf(`Unexpected content type, got %q instead of %q`, actualContentType, expectedContentType)
+	}
+}
+
+func TestNoContentResponse(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		NoContent(w, r)
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expectedStatusCode := http.StatusNoContent
+	if resp.StatusCode != expectedStatusCode {
+		t.Fatalf(`Unexpected status code, got %d instead of %d`, resp.StatusCode, expectedStatusCode)
+	}
+
+	expectedBody := ``
+	actualBody := w.Body.String()
+	if actualBody != expectedBody {
+		t.Fatalf(`Unexpected body, got %s instead of %s`, actualBody, expectedBody)
+	}
+
+	expectedContentType := contentTypeHeader
+	actualContentType := resp.Header.Get("Content-Type")
+	if actualContentType != expectedContentType {
+		t.Fatalf(`Unexpected content type, got %q instead of %q`, actualContentType, expectedContentType)
+	}
+}
+
+func TestServerErrorResponse(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		ServerError(w, r, errors.New("some error"))
+	})
+
+	handler.ServeHTTP(w, r)
+
+	resp := w.Result()
+	defer resp.Body.Close()
+
+	expectedStatusCode := http.StatusInternalServerError
+	if resp.StatusCode != expectedStatusCode {
+		t.Fatalf(`Unexpected status code, got %d instead of %d`, resp.StatusCode, expectedStatusCode)
+	}
+
+	expectedBody := `{"error_message":"some error"}`
+	actualBody := w.Body.String()
+	if actualBody != expectedBody {
+		t.Fatalf(`Unexpected body, got %q instead of %q`, actualBody, expectedBody)
+	}
+
+	expectedContentType := contentTypeHeader
+	actualContentType := resp.Header.Get("Content-Type")
+	if actualContentType != expectedContentType {
+		t.Fatalf(`Unexpected content type, got %q instead of %q`, actualContentType, expectedContentType)
+	}
+}
+
+func TestBadRequestResponse(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		BadRequest(w, r, errors.New("Some Error"))
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expectedStatusCode := http.StatusBadRequest
+	if resp.StatusCode != expectedStatusCode {
+		t.Fatalf(`Unexpected status code, got %d instead of %d`, resp.StatusCode, expectedStatusCode)
+	}
+
+	expectedBody := `{"error_message":"Some Error"}`
+	actualBody := w.Body.String()
+	if actualBody != expectedBody {
+		t.Fatalf(`Unexpected body, got %s instead of %s`, actualBody, expectedBody)
+	}
+
+	expectedContentType := contentTypeHeader
+	actualContentType := resp.Header.Get("Content-Type")
+	if actualContentType != expectedContentType {
+		t.Fatalf(`Unexpected content type, got %q instead of %q`, actualContentType, expectedContentType)
+	}
+}
+
+func TestUnauthorizedResponse(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		Unauthorized(w, r)
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expectedStatusCode := http.StatusUnauthorized
+	if resp.StatusCode != expectedStatusCode {
+		t.Fatalf(`Unexpected status code, got %d instead of %d`, resp.StatusCode, expectedStatusCode)
+	}
+
+	expectedBody := `{"error_message":"access unauthorized"}`
+	actualBody := w.Body.String()
+	if actualBody != expectedBody {
+		t.Fatalf(`Unexpected body, got %s instead of %s`, actualBody, expectedBody)
+	}
+
+	expectedContentType := contentTypeHeader
+	actualContentType := resp.Header.Get("Content-Type")
+	if actualContentType != expectedContentType {
+		t.Fatalf(`Unexpected content type, got %q instead of %q`, actualContentType, expectedContentType)
+	}
+}
+
+func TestForbiddenResponse(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		Forbidden(w, r)
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expectedStatusCode := http.StatusForbidden
+	if resp.StatusCode != expectedStatusCode {
+		t.Fatalf(`Unexpected status code, got %d instead of %d`, resp.StatusCode, expectedStatusCode)
+	}
+
+	expectedBody := `{"error_message":"access forbidden"}`
+	actualBody := w.Body.String()
+	if actualBody != expectedBody {
+		t.Fatalf(`Unexpected body, got %s instead of %s`, actualBody, expectedBody)
+	}
+
+	expectedContentType := contentTypeHeader
+	actualContentType := resp.Header.Get("Content-Type")
+	if actualContentType != expectedContentType {
+		t.Fatalf(`Unexpected content type, got %q instead of %q`, actualContentType, expectedContentType)
+	}
+}
+
+func TestNotFoundResponse(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		NotFound(w, r)
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expectedStatusCode := http.StatusNotFound
+	if resp.StatusCode != expectedStatusCode {
+		t.Fatalf(`Unexpected status code, got %d instead of %d`, resp.StatusCode, expectedStatusCode)
+	}
+
+	expectedBody := `{"error_message":"resource not found"}`
+	actualBody := w.Body.String()
+	if actualBody != expectedBody {
+		t.Fatalf(`Unexpected body, got %s instead of %s`, actualBody, expectedBody)
+	}
+
+	expectedContentType := contentTypeHeader
+	actualContentType := resp.Header.Get("Content-Type")
+	if actualContentType != expectedContentType {
+		t.Fatalf(`Unexpected content type, got %q instead of %q`, actualContentType, expectedContentType)
+	}
+}
+
+func TestBuildInvalidJSONResponse(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		OK(w, r, make(chan int))
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expectedStatusCode := http.StatusOK
+	if resp.StatusCode != expectedStatusCode {
+		t.Fatalf(`Unexpected status code, got %d instead of %d`, resp.StatusCode, expectedStatusCode)
+	}
+
+	expectedBody := ``
+	actualBody := w.Body.String()
+	if actualBody != expectedBody {
+		t.Fatalf(`Unexpected body, got %s instead of %s`, actualBody, expectedBody)
+	}
+
+	expectedContentType := contentTypeHeader
+	actualContentType := resp.Header.Get("Content-Type")
+	if actualContentType != expectedContentType {
+		t.Fatalf(`Unexpected content type, got %q instead of %q`, actualContentType, expectedContentType)
+	}
+}

internal/http/response/xml/xml.go

@@ -0,0 +1,27 @@
+// SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package xml // import "miniflux.app/v2/internal/http/response/xml"
+
+import (
+	"net/http"
+
+	"miniflux.app/v2/internal/http/response"
+)
+
+// OK writes a standard XML response with a status 200 OK.
+func OK(w http.ResponseWriter, r *http.Request, body interface{}) {
+	builder := response.New(w, r)
+	builder.WithHeader("Content-Type", "text/xml; charset=utf-8")
+	builder.WithBody(body)
+	builder.Write()
+}
+
+// Attachment forces the XML document to be downloaded by the web browser.
+func Attachment(w http.ResponseWriter, r *http.Request, filename string, body interface{}) {
+	builder := response.New(w, r)
+	builder.WithHeader("Content-Type", "text/xml; charset=utf-8")
+	builder.WithAttachment(filename)
+	builder.WithBody(body)
+	builder.Write()
+}

internal/http/response/xml/xml_test.go

@@ -0,0 +1,82 @@
+// SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package xml // import "miniflux.app/v2/internal/http/response/xml"
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestOKResponse(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		OK(w, r, "Some XML")
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expectedStatusCode := http.StatusOK
+	if resp.StatusCode != expectedStatusCode {
+		t.Fatalf(`Unexpected status code, got %d instead of %d`, resp.StatusCode, expectedStatusCode)
+	}
+
+	expectedBody := `Some XML`
+	actualBody := w.Body.String()
+	if actualBody != expectedBody {
+		t.Fatalf(`Unexpected body, got %s instead of %s`, actualBody, expectedBody)
+	}
+
+	expectedContentType := "text/xml; charset=utf-8"
+	actualContentType := resp.Header.Get("Content-Type")
+	if actualContentType != expectedContentType {
+		t.Fatalf(`Unexpected content type, got %q instead of %q`, actualContentType, expectedContentType)
+	}
+}
+
+func TestAttachmentResponse(t *testing.T) {
+	r, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		Attachment(w, r, "file.xml", "Some XML")
+	})
+
+	handler.ServeHTTP(w, r)
+	resp := w.Result()
+
+	expectedStatusCode := http.StatusOK
+	if resp.StatusCode != expectedStatusCode {
+		t.Fatalf(`Unexpected status code, got %d instead of %d`, resp.StatusCode, expectedStatusCode)
+	}
+
+	expectedBody := `Some XML`
+	actualBody := w.Body.String()
+	if actualBody != expectedBody {
+		t.Fatalf(`Unexpected body, got %s instead of %s`, actualBody, expectedBody)
+	}
+
+	headers := map[string]string{
+		"Content-Type":        "text/xml; charset=utf-8",
+		"Content-Disposition": "attachment; filename=file.xml",
+	}
+
+	for header, expected := range headers {
+		actual := resp.Header.Get(header)
+		if actual != expected {
+			t.Fatalf(`Unexpected header value, got %q instead of %q`, actual, expected)
+		}
+	}
+}