From bf332f27e0e2fc195a7e8d74c3087588d4d5b9a9 Mon Sep 17 00:00:00 2001
From: Lukas
Date: Mon, 15 Dec 2025 15:22:01 +0100
Subject: [PATCH] pylint fixes

---
 src/server/services/anime_service.py | 8 +-
 todolist.md | 112 --------------------------
 2 files changed, 2 insertions(+), 118 deletions(-)
 delete mode 100644 todolist.md

diff --git a/src/server/services/anime_service.py b/src/server/services/anime_service.py
index 4b9b715..e569348 100644
--- a/src/server/services/anime_service.py
+++ b/src/server/services/anime_service.py
@@ -369,9 +369,7 @@ class AnimeService:
 async def _create_series_in_db(self, serie, db) -> None:
 """Create a new series in the database."""
- from src.server.database.service import (
- AnimeSeriesService, EpisodeService
- )
+ from src.server.database.service import AnimeSeriesService, EpisodeService
 anime_series = await AnimeSeriesService.create(
 db=db,
@@ -400,9 +398,7 @@ class AnimeService:
 async def _update_series_in_db(self, serie, existing, db) -> None:
 """Update an existing series in the database."""
- from src.server.database.service import (
- AnimeSeriesService, EpisodeService
- )
+ from src.server.database.service import AnimeSeriesService, EpisodeService
 # Get existing episodes
 existing_episodes = await EpisodeService.get_by_series(db, existing.id)
diff --git a/todolist.md b/todolist.md
deleted file mode 100644
index 34a8ff6..0000000
--- a/todolist.md
+++ /dev/null
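Review bot: The function-scope import of `AnimeSeriesService` and `EpisodeService` inside `_create_series_in_db` is reformatted but still carries no explanation of why it is deferred rather than placed at module level, and the identical import in `_update_series_in_db` (second hunk) has the same gap. Presumably it exists to break an import cycle with `src.server.database.service`, but that cannot be confirmed from the hunk, so the comment should be checked against the module graph before landing: `# Local import: avoids a circular import with src.server.database.service (confirm)`. Since both methods defer exactly the same two names, a single documented helper or one shared lazy import would remove the duplication if the cycle permits it. Both method bodies continue past their hunks.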
@@ -1,112 +0,0 @@ -# Todolist - Architecture and Design Issues - -This document tracks design and architecture issues discovered during documentation review. - ---- - -## Completed Issues (2025-12-15) - -### ✅ 1. In-Memory Rate Limiting Not Persistent - -**Title:** In-memory rate limiting resets on process restart - -**Severity:** medium - -**Location:** [src/server/middleware/auth.py](src/server/middleware/auth.py#L54-L68) - -**Description:** Rate limiting state is stored in memory dictionaries (`_rate`, `_origin_rate`) which reset when the process restarts, allowing attackers to bypass lockouts. - -**Resolution:** Added comprehensive documentation warning in the module docstring about single-process limitations and recommendations for production deployments (Redis, reverse proxy, etc.). - ---- - -### ✅ 2. Failed Login Attempts Not Persisted - -**Title:** Failed login attempts stored in-memory only - -**Severity:** medium - -**Location:** [src/server/services/auth_service.py](src/server/services/auth_service.py#L62-L74) - -**Description:** The `_failed` dictionary tracking failed login attempts resets on process restart, allowing brute-force bypass via service restart. - -**Resolution:** Added comprehensive documentation warning in the class docstring about single-process limitations and recommendations for production deployments. - ---- - -### ✅ 3. Duplicate Health Endpoints - -**Title:** Health endpoints defined in two locations - -**Severity:** low - -**Location:** [src/server/api/health.py](src/server/api/health.py) - -**Description:** Health check functionality was split between `api/health.py` (detailed checks) and `controllers/health_controller.py` (basic check). Both were registered, causing confusion. - -**Resolution:** Consolidated health endpoints into `api/health.py` only. Removed `controllers/health_controller.py`. Updated `fastapi_app.py` to import from `api/health.py`. - ---- - -### ✅ 4. 
Deprecation Warnings in Production Code - -**Title:** Deprecated file-based scan method still in use - -**Severity:** low - -**Location:** [src/core/SerieScanner.py](src/core/SerieScanner.py#L129-L145) - -**Description:** The `scan()` method emits deprecation warnings but is still callable. CLI may still use this method. - -**Resolution:** Fixed CLI (`src/cli/Main.py`) to use correct method names (`serie_scanner` not `SerieScanner`, `rescan()` is async). CLI now properly calls `asyncio.run(self.series_app.rescan(use_database=False))` for backward compatibility with file-based mode. - ---- - -### ✅ 9. Inconsistent Error Response Format - -**Title:** Some endpoints return different error formats - -**Severity:** low - -**Location:** [src/server/api/download.py](src/server/api/download.py), [src/server/api/anime.py](src/server/api/anime.py) - -**Description:** Most endpoints use the standard error response format from `error_handler.py`, but some handlers return raw `{"detail": "..."}` responses. - -**Resolution:** Updated `download.py` and `anime.py` to use custom exception classes (`BadRequestError`, `NotFoundError`, `ServerError`, `ValidationError`) which are handled by the centralized error handler for consistent response format with `success`, `error`, `message`, and `details` fields. - ---- - -### ✅ 10. Missing Input Validation on WebSocket - -**Title:** WebSocket messages lack comprehensive validation - -**Severity:** low - -**Location:** [src/server/api/websocket.py](src/server/api/websocket.py#L120-L145) - -**Description:** Client messages are parsed with basic Pydantic validation, but room names and action types are not strictly validated against an allow-list. - -**Resolution:** Added explicit room name validation against `VALID_ROOMS` allow-list. Added per-connection rate limiting (60 messages/minute) to prevent abuse. Added cleanup of rate limit records on disconnect. 
- ---- - -## Summary - -| Severity | Completed | -| --------- | ---------- | -| Medium | 2 | -| Low | 4 | -| **Total** | **6** | - ---- - -## Changelog - -**2025-12-15**: Completed all 6 identified issues: -- Enhanced documentation for in-memory limitations in rate limiting and failed login tracking -- Consolidated duplicate health endpoints into single module -- Fixed CLI to use correct async method names -- Updated endpoints to use consistent custom exception classes -- Added WebSocket room validation and rate limiting - -**2025-12-13**: Initial documentation review completed. Created comprehensive API.md with all REST and WebSocket endpoints documented with source references. Updated ARCHITECTURE.md with system overview, layer descriptions, design patterns, and data flow diagrams. Created README.md with quick start guide. Identified 12 design/architecture issues requiring attention.