From 3d0699fe8ab975dc3427b6b8555e464ace05d6dc Mon Sep 17 00:00:00 2001
From: Cal Corum <calcorum@users.noreply.github.com>
Date: Tue, 17 Mar 2026 18:03:20 -0500
Subject: [PATCH] fix: enforce Literal validation on sort parameter in GET
 /api/v3/players (#66)

Closes #66

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 app/routers_v3/players.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/routers_v3/players.py b/app/routers_v3/players.py
index c43e0c2..927fd10 100644
--- a/app/routers_v3/players.py
+++ b/app/routers_v3/players.py
@@ -4,7 +4,7 @@ Thin HTTP layer using PlayerService for business logic.
 """
 
 from fastapi import APIRouter, Query, Response, Depends
-from typing import Optional, List
+from typing import Literal, Optional, List
 
 from ..dependencies import oauth2_scheme, cache_result, handle_db_errors
 from ..services.base import BaseService
@@ -23,7 +23,7 @@ async def get_players(
     pos: list = Query(default=None),
     strat_code: list = Query(default=None),
     is_injured: Optional[bool] = None,
-    sort: Optional[str] = None,
+    sort: Optional[Literal["cost-asc", "cost-desc", "name-asc", "name-desc"]] = None,
     limit: Optional[int] = Query(
         default=None, ge=1, description="Maximum number of results to return"
     ),