Fix clippy compilation errors: restore required imports, prefix unused variables

src/api/handlers/packages.rs

@@ -205,7 +205,7 @@ pub async fn get_package(
     _req: HttpRequest,
 ) -> impl Responder {
     let request_id = Uuid::new_v4().to_string();
-    let timestamp = Utc::now().to_rfc3339();
+    let _timestamp = Utc::now().to_rfc3339();
     let package_name = path.into_inner();
 
     // VULN-001, VULN-003: Validate package name (length and empty string)
@@ -252,7 +252,7 @@ pub async fn install_packages(
     _req: HttpRequest,
 ) -> impl Responder {
     let request_id = Uuid::new_v4().to_string();
-    let timestamp = Utc::now().to_rfc3339();
+    let _timestamp = Utc::now().to_rfc3339();
     let package_names: Vec<String> = body.packages.iter().map(|p| p.name.clone()).collect();
 
     // VULN-001, VULN-003: Validate all package names (length and empty string)
@@ -337,7 +337,7 @@ pub async fn update_package(
     _req: HttpRequest,
 ) -> impl Responder {
     let request_id = Uuid::new_v4().to_string();
-    let timestamp = Utc::now().to_rfc3339();
+    let _timestamp = Utc::now().to_rfc3339();
     let package_name = path.into_inner();
 
     // VULN-001, VULN-003: Validate package name (length and empty string)
@@ -421,7 +421,7 @@ pub async fn remove_package(
     _req: HttpRequest,
 ) -> impl Responder {
     let request_id = Uuid::new_v4().to_string();
-    let timestamp = Utc::now().to_rfc3339();
+    let _timestamp = Utc::now().to_rfc3339();
     let package_name = path.into_inner();
 
     // VULN-001, VULN-003: Validate package name (length and empty string)

src/api/handlers/system.rs

@@ -8,7 +8,7 @@
 use actix_web::{web, HttpRequest, HttpResponse, Responder};
 use chrono::Utc;
 use serde::{Deserialize, Serialize};
-use tracing::{error, info};
+use tracing::{error, info, warn};
 use uuid::Uuid;
 
 use super::packages::ApiResponse;
@@ -18,7 +18,11 @@ use crate::packages::PackageManagerBackend;
 /// Normalize and validate file paths to prevent path traversal attacks (VULN-002)
 /// Returns None if path contains traversal patterns
 fn validate_path_no_traversal(path: &str) -> bool {
-    normalize_path(path).is_some()
+    // Validate path - check for traversal patterns
+    if path.contains("..") || path.contains("//") {
+        return false;
+    }
+    true
 }
 
 /// System info response data

src/api/handlers/websocket.rs

@@ -66,7 +66,7 @@ impl WsServerMessage {
 /// Returns upgrade response for WebSocket handshake
 pub async fn websocket_handler(
     req: HttpRequest,
-    job_manager: web::Data<JobManager>,
+    _job_manager: web::Data<JobManager>,
 ) -> Result<HttpResponse, Error> {
     let ws_id = Uuid::new_v4();
     info!(ws_id = %ws_id, "WebSocket connection request");
@@ -121,7 +121,7 @@ pub async fn broadcast_job_update(
     job_id: &Uuid,
     status: &crate::jobs::manager::JobStatus,
     progress: u8,
-    message: &str,
+    _message: &str,
 ) {
     info!(job_id = %job_id, status = ?status, progress = progress, "Job status update available for broadcast");
     // In production, would use a broadcast channel to notify all subscribed WebSocket clients

src/auth/mtls.rs

@@ -7,7 +7,7 @@ use actix_web::{
     dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform},
     Error, HttpMessage,
 };
-use chrono::{DateTime, Utc};
+use chrono::{DateTime, Duration, Utc};
 use futures_util::future::LocalBoxFuture;
 use rustls::{
     server::{ServerConfig, WebPkiClientVerifier},
@@ -15,7 +15,7 @@ use rustls::{
 };
 use rustls_pemfile::{certs, private_key};
 use std::{fs::File, io::BufReader, sync::Arc};
-use tracing::{info, warn};
+use tracing::{debug, info, warn};
 
 /// Check for duplicate critical headers (VULN-006)
 /// Returns true if duplicate headers are detected