From 83a156fd3116dc56af86e17faaa381f020137b1c Mon Sep 17 00:00:00 2001
From: disqualifier <dev@disqualifier.me>
Date: Mon, 29 Jun 2026 01:10:25 -0400
Subject: [PATCH] fix: forward per-request timeout to geo lookups on an
 injected session

_get_json applied the timeout only when it created the session; when the caller passed their own session=, the timeout was silently dropped and the session default (aiohttp's 300s) governed. the per-request timeout is now passed to session.get(timeout=...) on both the owned and injected paths.

Signed-off-by: disqualifier <dev@disqualifier.me>
---
 src/commons/addr/geo.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/commons/addr/geo.py b/src/commons/addr/geo.py
index 4755a9e..2619b12 100644
--- a/src/commons/addr/geo.py
+++ b/src/commons/addr/geo.py
@@ -80,7 +80,8 @@ async def _get_json(
     if owns:
         session = aiohttp.ClientSession(timeout=aiohttp.ClientTimeout(total=timeout))
     try:
-        async with session.get(url, headers=headers) as resp:
+        request_timeout = aiohttp.ClientTimeout(total=timeout)
+        async with session.get(url, headers=headers, timeout=request_timeout) as resp:
             if resp.status != 200:
                 log.warning("address lookup %s -> %s", url, resp.status)
                 return None