From e1585216e6096c114f6b9dbcfa25699dcda334f6 Mon Sep 17 00:00:00 2001 From: Your Name <119736744+aborayan2022@users.noreply.github.com> Date: Sat, 21 Mar 2026 09:10:18 +0200 Subject: [PATCH] refactor: clean up health check and task access logic by removing unused code --- backend/app/routes/health.py | 3 +++ backend/app/routes/tasks.py | 12 ------------ backend/app/services/account_service.py | 17 ----------------- backend/app/services/policy_service.py | 11 +---------- 4 files changed, 4 insertions(+), 39 deletions(-) diff --git a/backend/app/routes/health.py b/backend/app/routes/health.py index f3791d7..ff1224c 100644 --- a/backend/app/routes/health.py +++ b/backend/app/routes/health.py @@ -1,10 +1,13 @@ """Health check endpoint.""" from flask import Blueprint, jsonify +from app.extensions import limiter + health_bp = Blueprint("health", __name__) @health_bp.route("/health", methods=["GET"]) +@limiter.exempt def health_check(): """Simple health check — returns 200 if the service is running.""" return jsonify({ diff --git a/backend/app/routes/tasks.py b/backend/app/routes/tasks.py index 4d28e33..b2bddc0 100644 --- a/backend/app/routes/tasks.py +++ b/backend/app/routes/tasks.py @@ -11,7 +11,6 @@ from app.services.policy_service import ( resolve_api_actor, resolve_web_actor, ) -from app.utils.auth import remember_task_access tasks_bp = Blueprint("tasks", __name__) 
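Review bot: `@limiter.exempt` on `health_check` leaves an unauthenticated route with no throttle, and nothing in the hunk records why that is acceptable. Assuming `limiter` is a Flask-Limiter instance, the decorator order (route outermost, exempt beneath it) is the one that makes the exemption take effect. I would add a comment above the decorator, `# Exempt from rate limiting: polled by probes; keep this handler free of DB or queue calls.`, so that a later change adding dependency checks revisits the exemption. The body of `health_check` continues past the hunk, so whether it already does such work is not visible here. The commit subject also describes only the removal of unused code, while this hunk adds behaviour.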
@@ -53,17 +52,6 @@ def get_task_status(task_id: str): task_result = result.result or {} response["result"] = task_result - # Remember the file UUID in the session so the download route can verify access. - # The download URL contains a different UUID than the Celery task ID. - download_url = task_result.get("download_url", "") - if download_url: - parts = download_url.split("/") - # URL format: /api/download// - if len(parts) >= 4: - file_uuid = parts[3] - if file_uuid != task_id: - remember_task_access(file_uuid) - elif result.state == "FAILURE": response["error"] = str(result.info) if result.info else "Task failed." diff --git a/backend/app/services/account_service.py b/backend/app/services/account_service.py index 5177439..88af715 100644 --- a/backend/app/services/account_service.py +++ b/backend/app/services/account_service.py @@ -678,23 +678,6 @@ def has_task_access(user_id: int, source: str, task_id: str) -> bool: return row is not None -def has_download_access(user_id: int, file_task_id: str) -> bool: - """Return whether one user owns a file_history entry whose download_url contains the given file task id.""" - pattern = f"/api/download/{file_task_id}/" - with _connect() as conn: - row = conn.execute( - """ - SELECT 1 - FROM file_history - WHERE user_id = ? AND download_url LIKE ? - LIMIT 1 - """, - (user_id, f"%{pattern}%"), - ).fetchone() - - return row is not None - - # --------------------------------------------------------------------------- # Password reset tokens # --------------------------------------------------------------------------- diff --git a/backend/app/services/policy_service.py b/backend/app/services/policy_service.py index 3651c10..6de8406 100644 --- a/backend/app/services/policy_service.py +++ b/backend/app/services/policy_service.py @@ -8,7 +8,6 @@ from app.services.account_service import ( get_api_key_actor, get_user_by_id, get_current_period_month, - has_download_access, has_task_access, normalize_plan, record_usage_event, 
@@ -228,13 +227,8 @@ def build_task_tracking_kwargs(actor: ActorContext) -> dict: def assert_api_task_access(actor: ActorContext, task_id: str): """Ensure one API actor can poll one task id.""" - if actor.user_id is None: + if actor.user_id is None or not has_task_access(actor.user_id, "api", task_id): raise PolicyError("Task not found.", 404) - if has_task_access(actor.user_id, "api", task_id): - return - if has_download_access(actor.user_id, task_id): - return - raise PolicyError("Task not found.", 404) def assert_web_task_access(actor: ActorContext, task_id: str): @@ -242,9 +236,6 @@ def assert_web_task_access(actor: ActorContext, task_id: str): if actor.user_id is not None and has_task_access(actor.user_id, "web", task_id): return - if actor.user_id is not None and has_download_access(actor.user_id, task_id): - return - if has_session_task_access(task_id): return
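Review bot: The rewritten guard in `assert_api_task_access` changes who is authorized rather than removing dead code: an id that used to pass through `has_download_access` now raises `PolicyError("Task not found.", 404)`, while the commit subject calls this removing unused code. The same fallback is dropped from `assert_web_task_access` in the next hunk. The tasks.py hunk also stops calling `remember_task_access(file_uuid)`, which its removed comment said the download route relied on; that route is not in this patch, so its access check should be confirmed as still satisfiable. The stricter rule is reasonable, and returning one 404 for both "no user" and "no access" avoids confirming which ids exist. I would update the docstring to `"""Allow polling only when has_task_access(user_id, "api", task_id) holds; otherwise raise PolicyError 404."""` and add a test that a file UUID taken from a `download_url` is rejected by both functions.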