fix: add comprehensive type annotations for mypy

- database.py: add type hints for Path, Flask, Any, BaseException - pki.py: add assertions to narrow Optional types after has_ca() checks - routes.py: annotate config values to avoid Any return types - api/__init__.py: use float for cleanup timestamps (time.time()) - __init__.py: remove unused return from setup_rate_limiting
2025-12-22 19:11:11 +01:00
parent 680b068c00
commit ca9342e92d
5 changed files with 36 additions and 20 deletions
--- a/app/pki.py
+++ b/app/pki.py
@@ -433,6 +433,7 @@ class PKI:
        if not self.has_ca():
            raise CANotFoundError("No CA configured")

+        assert self._ca_store is not None  # narrowing for mypy
        return {
            "id": self._ca_store["id"],
            "common_name": self._ca_store["common_name"],
@@ -449,7 +450,9 @@ class PKI:
        """
        if not self.has_ca():
            raise CANotFoundError("No CA configured")
-        return self._ca_store["certificate_pem"]
+        assert self._ca_store is not None  # narrowing for mypy
+        cert_pem: str = self._ca_store["certificate_pem"]
+        return cert_pem

    def _get_signing_key(self) -> tuple[Any, Any]:
        """Get CA private key and certificate for signing.
@@ -460,6 +463,8 @@ class PKI:
        if not self.has_ca():
            raise CANotFoundError("No CA configured")

+        assert self._ca_store is not None  # narrowing for mypy
+
        # Use cached key if available
        if "_private_key" in self._ca_store:
            return self._ca_store["_private_key"], self._ca_store["_certificate"]
@@ -504,6 +509,7 @@ class PKI:
            days = self.cert_days

        ca_key, ca_cert = self._get_signing_key()
+        assert self._ca_store is not None  # narrowing for mypy (validated in _get_signing_key)

        # Generate client key
        curves = {
@@ -636,7 +642,8 @@ class PKI:
            return False

        # Check expiry
-        return cert["expires_at"] >= int(time.time())
+        expires_at: int = cert["expires_at"]
+        return expires_at >= int(time.time())

    def get_certificate(self, fingerprint: str) -> dict | None:
        """Get certificate info by fingerprint.
@@ -728,7 +735,8 @@ def is_certificate_valid(fingerprint: str) -> bool:
        return False

    # Check expiry
-    return row["expires_at"] >= int(time.time())
+    expires_at: int = row["expires_at"]
+    return expires_at >= int(time.time())


 # ─────────────────────────────────────────────────────────────────────────────