From ece25ec22c0f836d1c54c46469376dee46de91e3 Mon Sep 17 00:00:00 2001 From: Cal Corum Date: Tue, 17 Mar 2026 18:03:20 -0500 Subject: [PATCH] fix: enforce Literal validation on sort parameter in GET /api/v3/players (#66) Closes #66 Co-Authored-By: Claude Sonnet 4.6 --- app/routers_v3/players.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/app/routers_v3/players.py b/app/routers_v3/players.py index 1801833..4cec970 100644 --- a/app/routers_v3/players.py +++ b/app/routers_v3/players.py @@ -4,7 +4,7 @@ Thin HTTP layer using PlayerService for business logic. """ from fastapi import APIRouter, Query, Response, Depends -from typing import Optional, List +from typing import Literal, Optional, List from ..dependencies import ( oauth2_scheme, @@ -27,8 +27,10 @@ async def get_players( pos: list = Query(default=None), strat_code: list = Query(default=None), is_injured: Optional[bool] = None, - sort: Optional[str] = None, - limit: Optional[int] = Query(default=None, ge=1), + sort: Optional[Literal["cost-asc", "cost-desc", "name-asc", "name-desc"]] = None, + limit: Optional[int] = Query( + default=None, ge=1, description="Maximum number of results to return" + ), offset: Optional[int] = Query( default=None, ge=0, description="Number of results to skip for pagination" ),