From b82bd1c85aaf3545f0b79378d8bfddc2ab5fe44b Mon Sep 17 00:00:00 2001
From: Mondo Diaz
Date: Wed, 4 Feb 2026 10:57:32 -0600
Subject: [PATCH] fix: remove dead code and security issue from code review
- Remove unused _get_pypi_upstream_sources_cached function (never called)
- Remove unused CacheService import and get_cache helper
- Remove unused cache parameter from pypi_download_file
- Fix asyncio.get_event_loop() deprecation - use get_running_loop()
- Note: The caching implementation was incomplete but the other performance improvements (connection pooling, batch DB ops) remain
---
 backend/app/http_client.py | 2 +-
 backend/app/pypi_proxy.py | 63 --------------------------------------
 2 files changed, 1 insertion(+), 64 deletions(-)
diff --git a/backend/app/http_client.py b/backend/app/http_client.py
index d838675..fc32046 100644
--- a/backend/app/http_client.py
+++ b/backend/app/http_client.py
@@ -150,7 +150,7 @@ class HttpClientManager:
 if not self._executor:
 raise RuntimeError("HttpClientManager not started. Call startup() first.")
- loop = asyncio.get_event_loop()
+ loop = asyncio.get_running_loop()
 return await loop.run_in_executor(self._executor, func, *args)
 @property
diff --git a/backend/app/pypi_proxy.py b/backend/app/pypi_proxy.py
index f84f124..c4e79ca 100644
--- a/backend/app/pypi_proxy.py
+++ b/backend/app/pypi_proxy.py
@@ -27,7 +27,6 @@ from .models import UpstreamSource, CachedUrl, Artifact, Project, Package, Packa
 from .storage import S3Storage, get_storage
 from .config import get_env_upstream_sources, get_settings
 from .http_client import HttpClientManager
-from .cache_service import CacheService, CacheCategory
 from .db_utils import ArtifactRepository
 logger = logging.getLogger(__name__)
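Review bot: In `backend/app/http_client.py`, the executor call directly after the changed line forwards only `func, *args`, and `run_in_executor` cannot pass keyword arguments, so a short comment there would help callers: `# positional args only; wrap with functools.partial(func, **kwargs) to pass keywords`. The `loop` local is now used exactly once and could be folded into `return await asyncio.get_running_loop().run_in_executor(self._executor, func, *args)`. The method's signature and docstring lie outside the hunk, so the keyword-argument caveat may already be documented there.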
@@ -40,11 +39,6 @@ def get_http_client(request: Request) -> HttpClientManager:
 return request.app.state.http_client
-def get_cache(request: Request) -> CacheService:
- """Get CacheService from app state."""
- return request.app.state.cache
-
-
 # Timeout configuration for proxy requests
 PROXY_CONNECT_TIMEOUT = 30.0
 PROXY_READ_TIMEOUT = 60.0
@@ -254,62 +248,6 @@ def _extract_pypi_version(filename: str) -> Optional[str]:
 return None
-async def _get_pypi_upstream_sources_cached(
- db: Session,
- cache: CacheService,
-) -> list[UpstreamSource]:
- """
- Get PyPI upstream sources with caching.
-
- Sources are cached for cache_ttl_upstream seconds to avoid
- repeated database queries on every request.
- """
- cache_key = "sources"
-
- # Try cache first
- cached = await cache.get(CacheCategory.UPSTREAM_SOURCES, cache_key, protocol="pypi")
- if cached:
- source_data = json.loads(cached.decode())
- # Reconstruct UpstreamSource-like objects from cached data
- # We cache just the essential fields needed for requests
- return [type('CachedSource', (), d)() for d in source_data]
-
- # Query database
- db_sources = (
- db.query(UpstreamSource)
- .filter(UpstreamSource.source_type == "pypi", UpstreamSource.enabled == True)
- .order_by(UpstreamSource.priority)
- .all()
- )
-
- # Combine with env sources
- env_sources = [s for s in get_env_upstream_sources() if s.source_type == "pypi"]
- all_sources = list(db_sources) + list(env_sources)
- all_sources = sorted(all_sources, key=lambda s: s.priority)
-
- # Cache the essential fields
- if all_sources and cache.enabled:
- cache_data = [
- {
- "name": s.name,
- "url": s.url,
- "priority": s.priority,
- "auth_type": getattr(s, "auth_type", "none"),
- "username": getattr(s, "username", None),
- "password": getattr(s, "password", None),
- }
- for s in all_sources
- ]
- await cache.set(
- CacheCategory.UPSTREAM_SOURCES,
- cache_key,
- json.dumps(cache_data).encode(),
- protocol="pypi",
- )
-
- return all_sources
-
-
 def _get_pypi_upstream_sources(db: Session) -> list[UpstreamSource]:
 """Get all enabled upstream sources configured for PyPI."""
 # Get database sources
@@ -643,7 +581,6 @@ async def pypi_download_file(
 db: Session = Depends(get_db),
 storage: S3Storage = Depends(get_storage),
 http_client: HttpClientManager = Depends(get_http_client),
- cache: CacheService = Depends(get_cache),
 ):
 """
 Download a package file, caching it in Orchard.