Skip to content

Refactor: Async backend + SQLite caching (Performance & Persistence)#9

Open
xkilldash9x wants to merge 3 commits intoNilchSearch:mainfrom
xkilldash9x:main
Open

Refactor: Async backend + SQLite caching (Performance & Persistence)#9
xkilldash9x wants to merge 3 commits intoNilchSearch:mainfrom
xkilldash9x:main

Conversation

@xkilldash9x
Copy link
Contributor

@xkilldash9x xkilldash9x commented Dec 30, 2025

I've been messing around with the nilch backend and put together a refactor to solve a couple of stability things I noticed.

Right now, since the cache is just a Python list, nilch forgets all the search results every time the server restarts (which happens a lot on standard WSGI hosts). This kills the hit rate and wastes API quota. I also moved the route handlers to async so the server doesn't lock up while waiting on Brave or Wikipedia to reply.

Changes

1. Persistent Caching (SQLite)

  • The Fix: Swapped the in-memory list cache for a local search_cache.db (SQLite).
  • Why: Now search results survive server restarts. If nilch crashes or redeploys, the cache is still there.
  • Tech: Enabled WAL mode (Write-Ahead Logging) to handle concurrent users without database locking errors. Also changed eviction to O(1) so it doesn't get slow as the cache fills up.

2. Async I/O

  • The Fix: Converted the main Flask routes (/api/search, /api/images) to async def.
  • Why: Standard Flask routes block the main thread while waiting for network requests. By making them async and throwing the heavy lifting (Brave API calls) into a thread pool, the search engine feels way snappier under load.

3. Image Search Caching

  • The Fix: Extended the caching logic to the /api/images endpoint.
  • Why: Previously, image searches weren't being cached at all. This hashes the query params so we don't have to hit the upstream API for repeated image searches.

4. Frontend Tweaks

  • The Fix: Added some defensive checks in results.html and images.html.
  • Why: If the upstream API returned a result without a thumbnail/profile image, the Javascript would crash and show a blank page. Now it handles missing images gracefully.
  • Clean up: Switched hardcoded URLs to relative paths (/api/...) so the code works in both dev and prod without changing lines.

@xkilldash9x
security/refactor: remove third-party proxy, enable CORS, and harden …
648e12c 
…backend

Major overhaul to address critical privacy and integrity violations caused by the use of a public CORS proxy.

Backend Changes (main.py):
* Implemented `flask-cors` to whitelist frontend origins, allowing the frontend to communicate directly with the API.
* Refactored the entire application into a class-based architecture (`BraveClient`, `SearchCache`, `InfoboxResolver`) for better maintainability and testing.
* Added comprehensive type hints and `TypedDict` definitions.
* Patched a potential RCE vulnerability in the calculator logic by restricting the `eval()` execution scope.

Frontend Changes (images, results, videos):
* Removed all references to `api.codetabs.com`. Requests now fetch directly from the backend API.
* Switched to `URLSearchParams` for pagination to fix a bug where page parameters were infinitely appended to the URL.
* Added proper error handling for network response failures.
@xkilldash9x
Corrected issue with wildcard usage in CORS by implementing loading
585adf9 
whitelists from env var
@xkilldash9x
modified: frontend/about.html
0ffacf0 
	modified:   frontend/default.html
	new file:   frontend/flask_app.py
	modified:   frontend/images.html
	modified:   frontend/index.html
	modified:   frontend/results.html
	modified:   frontend/videos.html
@xkilldash9x
Copy link
Contributor Author

xkilldash9x commented Dec 30, 2025

oh this pr has the fix for cors that turned out to not be the fix, also I havent had ANY time to do testing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@xkilldash9x