Remove public internet features and fix upstream source UI (#107)

2026-01-29 13:26:28 -06:00
parent e93e7e7021
commit 82f67539bd
13 changed files with 194 additions and 292 deletions
--- a/backend/app/upstream.py
+++ b/backend/app/upstream.py
@@ -57,10 +57,6 @@ class UpstreamSSLError(UpstreamError):
    pass


-class AirGapError(UpstreamError):
-    """Request blocked due to air-gap mode."""
-
-    pass


 class FileSizeExceededError(UpstreamError):
@@ -156,12 +152,6 @@ class UpstreamClient:
        # Sort sources by priority (lower = higher priority)
        self.sources = sorted(self.sources, key=lambda s: s.priority)

-    def _get_allow_public_internet(self) -> bool:
-        """Get the allow_public_internet setting."""
-        if self.cache_settings is None:
-            return True  # Default to allowing if no settings provided
-        return self.cache_settings.allow_public_internet
-
    def _match_source(self, url: str) -> Optional[UpstreamSource]:
        """
        Find the upstream source that matches the given URL.
@@ -288,7 +278,6 @@ class UpstreamClient:
            FetchResult with content, hash, size, and headers.

        Raises:
-            AirGapError: If air-gap mode blocks the request.
            SourceDisabledError: If the matching source is disabled.
            UpstreamConnectionError: On connection failures.
            UpstreamTimeoutError: On timeout.
@@ -301,19 +290,6 @@ class UpstreamClient:
        # Match URL to source
        source = self._match_source(url)

-        # Check air-gap mode
-        allow_public = self._get_allow_public_internet()
-
-        if not allow_public:
-            if source is None:
-                raise AirGapError(
-                    f"Air-gap mode enabled: URL does not match any configured upstream source: {url}"
-                )
-            if source.is_public:
-                raise AirGapError(
-                    f"Air-gap mode enabled: Cannot fetch from public source '{source.name}'"
-                )
-
        # Check if source is enabled (if we have a match)
        if source is not None and not source.enabled:
            raise SourceDisabledError(
@@ -536,7 +512,8 @@ class UpstreamClient:
        Test connectivity to an upstream source.

        Performs a HEAD request to the source URL to verify connectivity
-        and authentication.
+        and authentication. Does not follow redirects - a 3xx response
+        is considered successful since it proves the server is reachable.

        Args:
            source: The upstream source to test.
@@ -564,7 +541,7 @@ class UpstreamClient:
                    source.url,
                    headers=headers,
                    auth=auth,
-                    follow_redirects=True,
+                    follow_redirects=False,
                )
                # Consider 2xx and 3xx as success, also 405 (Method Not Allowed)
                # since some servers don't support HEAD
@@ -582,5 +559,7 @@ class UpstreamClient:
            return (False, f"Connection timed out: {e}", None)
        except httpx.ReadTimeout as e:
            return (False, f"Read timed out: {e}", None)
+        except httpx.TooManyRedirects as e:
+            return (False, f"Too many redirects: {e}", None)
        except Exception as e:
            return (False, f"Error: {e}", None)