correctness batch: atomic writes, task refs, hmac, import-star, pickle
Per review §2: - web/db.py: new _tx() context manager wraps multi-statement writers in BEGIN IMMEDIATE … COMMIT/ROLLBACK (our connections run in autocommit mode, so plain `with _lock:` doesn't give atomicity). partnership_accept (UPDATE + DELETE) and cleanup_retention (3 deletes/updates) now use it. - Fire-and-forget tasks: add module-level _bg_tasks sets in web/app.py and web/enrichment.py. A _spawn() helper holds a strong ref until the task finishes so the GC can't drop it mid-flight (CPython's event loop only weakly references pending tasks). - apply/main.py: require_api_key uses hmac.compare_digest, matching web's check. Also imports now use explicit names instead of `from settings *`. - apply/language.py: replace `from settings import *` + `from paths import *` with explicit imports — this is the pattern that caused the LANGUAGE NameError earlier. - alert/utils.py: pickle-based hash_any_object → deterministic JSON+sha256. Cheaper, portable across Python versions, no pickle attack surface. - web/notifications.py: /fehler links repointed to /bewerbungen (the former page doesn't exist). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
77098c82df
commit
eb73b5e415
7 changed files with 66 additions and 19 deletions
13
web/app.py
13
web/app.py
|
|
@ -69,6 +69,17 @@ logger = logging.getLogger("web")
|
|||
|
||||
apply_client = ApplyClient()
|
||||
|
||||
# Strong refs for fire-and-forget tasks. asyncio.create_task only weakly
|
||||
# references tasks from the event loop — the GC could drop them mid-flight.
|
||||
_bg_tasks: set[asyncio.Task] = set()
|
||||
|
||||
|
||||
def _spawn(coro) -> asyncio.Task:
|
||||
t = asyncio.create_task(coro)
|
||||
_bg_tasks.add(t)
|
||||
t.add_done_callback(_bg_tasks.discard)
|
||||
return t
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# App + Jinja
|
||||
|
|
@ -326,7 +337,7 @@ def _kick_apply(user_id: int, flat_id: str, url: str, triggered_by: str) -> None
|
|||
profile_snapshot=profile,
|
||||
)
|
||||
|
||||
asyncio.create_task(asyncio.to_thread(
|
||||
_spawn(asyncio.to_thread(
|
||||
_finish_apply_background, app_id, user_id, flat_id, url, profile, submit_forms,
|
||||
))
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue