Sources hardening (Codex audit): promote-time dedup, postJSON timeout, host-only feed_key
Three follow-ups from Codex's audit of the deep-preview/search/dedup work:
- Promote-time duplicate guard: promote_candidate() now re-checks
find_existing_feed() and raises DuplicateFeedError → 409, so an
old/CLI/direct-DB candidate or a race can't bypass the add-time check and
silently overwrite a live source's settings via upsert. (sources scanned
first, so a real source collision wins over the candidate matching itself.)
- postJSON/putJSON/delJSON gain opt-in {timeout} (AbortController, default
none so other calls are unchanged); deep preview uses 120s and surfaces a
calm "timed out" message instead of pinning the button on "Deep-checking…"
if the LAN model stalls.
- feed_key() now lowercases the host only, not the whole URL — paths/queries
can be case-significant; scheme/www/trailing-slash/host-case still collapse.
Tests: test_candidate_deep_preview_and_dedup extended — promote succeeds once,
then a re-promote of the same candidate is refused 409. 224 pytest + 11 vitest.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -1207,6 +1207,13 @@ def create_app() -> FastAPI:
|
||||
trust_score=body.trust_score, pr_risk_score=body.pr_risk_score,
|
||||
poll_interval_minutes=body.poll_interval_minutes,
|
||||
)
|
||||
except sources.DuplicateFeedError as exc:
|
||||
ex = exc.existing
|
||||
raise HTTPException(
|
||||
status_code=409,
|
||||
detail=f"“{ex['name']}” is already a source ({ex['status']}) — "
|
||||
"promote skipped so its settings aren't overwritten.",
|
||||
)
|
||||
except ValueError:
|
||||
raise HTTPException(status_code=404, detail="candidate not found")
|
||||
src = conn.execute(
|
||||
|
||||
Reference in New Issue
Block a user