From ed6fc981c86647e3dc445bf8ba1ade86ce66dd46 Mon Sep 17 00:00:00 2001
From: maebeale <maebeale@users.noreply.github.com>
Date: Tue, 23 Jun 2026 20:37:53 -0400
Subject: [PATCH] Remove dead migration-audit routes that 500 on bot probes

These routes pointed at controllers that never existed, so any request
they matched raised ActionDispatch::MissingController (a 500) instead of
a 404. A bot probing GET /images/index.php matched `resources :images`
and dispatched to the missing ImagesController, generating Honeybadger
noise. Only primary_assets and rich_text_assets have real controllers.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 config/routes.rb                              | 14 -----------
 .../dead_migration_audit_routes_spec.rb       | 24 +++++++++++++++++++
 2 files changed, 24 insertions(+), 14 deletions(-)
 create mode 100644 spec/requests/dead_migration_audit_routes_spec.rb

diff --git a/config/routes.rb b/config/routes.rb
index 529c0cc97e..1703b81635 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,21 +1,7 @@
 Rails.application.routes.draw do
-  # temporary direct routes to images for migration audit
-  resources :attachments, only: [ :show ]
-  resources :media_files, only: [ :show ]
-  # namespace :assets do
-  #   resources :primary_assets, only: [ :show ]
-  #   resources :gallery_assets, only: [ :show ]
-  # end
   resources :primary_assets
   resources :rich_text_assets
 
-  namespace :images do
-    resources :primary_images, only: [ :show ]
-    resources :gallery_images, only: [ :show ]
-    resources :rich_texts, only: [ :show ]
-  end
-  resources :images, only: [ :show ]
-
   # mount Ckeditor::Engine, at: '/admin/ckeditor', as: 'ckeditor'
   authenticate :user, ->(user) { user.super_user? } do
     mount Blazer::Engine, at: "blazer"
diff --git a/spec/requests/dead_migration_audit_routes_spec.rb b/spec/requests/dead_migration_audit_routes_spec.rb
new file mode 100644
index 0000000000..d4ea5c5450
--- /dev/null
+++ b/spec/requests/dead_migration_audit_routes_spec.rb
@@ -0,0 +1,24 @@
+require "rails_helper"
+
+# Leftover "migration audit" routes pointed at controllers that never existed
+# (ImagesController, AttachmentsController, MediaFilesController, Images::*).
+# A bot probing GET /images/index.php matched `resources :images` and dispatched
+# to the missing ImagesController, raising ActionDispatch::MissingController (a
+# 500) instead of a plain 404. These paths must be unrouted, i.e. raise a
+# routing error rather than a missing-controller error.
+RSpec.describe "Removed migration-audit routes", type: :request do
+  [
+    "/images/index.php",
+    "/images/1",
+    "/images/primary_images/1",
+    "/images/gallery_images/1",
+    "/images/rich_texts/1",
+    "/attachments/1",
+    "/media_files/1"
+  ].each do |path|
+    it "404s for GET #{path} instead of erroring on a missing controller" do
+      get path
+      expect(response).to have_http_status(:not_found)
+    end
+  end
+end