cal/paper-dynasty-database
1
0
Fork 0
Code Issues 7 Pull Requests 4 Actions Packages Projects Releases Wiki Activity

fix: add type annotations to untyped path parameters (#27) #43

Merged
cal merged 1 commits from ai/paper-dynasty-database#27 into next-release 2026-03-05 03:18:51 +00:00
Conversation 0 Commits 1 Files Changed 3 +4 -4
cal commented 2026-03-03 22:32:59 +00:00
Owner
Copy Link

Summary

Adds int type annotations to four untyped path parameters so FastAPI can validate them and return 422 on bad input instead of unhandled DB errors.

Changed functions:

  • players.py:590get_one_player(player_id: int, ...)
  • players.py:1122delete_player(player_id: int, ...)
  • packs.py:112get_one_pack(pack_id: int, ...)
  • teams.py:179get_one_team(team_id: int, ...)

What was fixed

Without type hints FastAPI treats path params as str, skipping numeric validation. Non-integer inputs (e.g. /api/v2/players/abc) would reach the ORM and raise an unhandled exception instead of a clean 422 response.

Files changed

  • app/routers_v2/players.py
  • app/routers_v2/packs.py
  • app/routers_v2/teams.py

Tests

No test suite exists in this repo. Changes verified by reading back modified function signatures.

🤖 Generated with Claude Code

## Summary Adds `int` type annotations to four untyped path parameters so FastAPI can validate them and return 422 on bad input instead of unhandled DB errors. **Changed functions:** - `players.py:590` — `get_one_player(player_id: int, ...)` - `players.py:1122` — `delete_player(player_id: int, ...)` - `packs.py:112` — `get_one_pack(pack_id: int, ...)` - `teams.py:179` — `get_one_team(team_id: int, ...)` ## What was fixed Without type hints FastAPI treats path params as `str`, skipping numeric validation. Non-integer inputs (e.g. `/api/v2/players/abc`) would reach the ORM and raise an unhandled exception instead of a clean 422 response. ## Files changed - `app/routers_v2/players.py` - `app/routers_v2/packs.py` - `app/routers_v2/teams.py` ## Tests No test suite exists in this repo. Changes verified by reading back modified function signatures. 🤖 Generated with [Claude Code](https://claude.ai/claude-code)
cal added 1 commit 2026-03-03 22:33:00 +00:00 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
cal added the
ai-reviewing
 label 2026-03-03 22:46:18 +00:00
cal reviewed 2026-03-03 22:47:47 +00:00
cal left a comment
Author
Owner
Copy Link

AI Code Review

Files Reviewed

  • app/routers_v2/packs.py (modified)
  • app/routers_v2/players.py (modified)
  • app/routers_v2/teams.py (modified)

Findings

Correctness

  • All four changes are minimal and accurate. Adding : int to path parameters (pack_id, player_id, team_id) causes FastAPI to coerce and validate the value before the handler is invoked, returning a clean 422 Unprocessable Entity for non-integer inputs rather than passing a string to get_by_id() and letting the ORM raise an unhandled exception.
  • Each changed function already has a try/except Exception → HTTPException(404) guard beneath the signature change — the annotation does not break or bypass that logic.
  • The PR description accurately describes all four changed locations and the mechanism of the fix.

Security

  • Positive security change: FastAPI's built-in int coercion prevents non-numeric values from ever reaching the ORM query layer, reducing the attack surface for malformed path parameters.
  • No new attack surface introduced.

Style & Conventions

  • Changes are minimal and focused, consistent with project conventions.
  • No unnecessary abstractions or over-engineering.

Suggestions

  • There may be additional untyped path parameters elsewhere in routers_v2/ (e.g. in gauntlets.py, scouting.py). Worth a follow-up sweep if issue #27 didn't enumerate all of them.

Verdict: APPROVED

Clean, correct, focused fix. All four annotations match the PR description exactly, follow FastAPI conventions, and improve input validation with no side effects.

Note: Gitea does not permit self-approval; posted as COMMENT. Recommend merging.

Automated review by Claude PR Reviewer

## AI Code Review ### Files Reviewed - `app/routers_v2/packs.py` (modified) - `app/routers_v2/players.py` (modified) - `app/routers_v2/teams.py` (modified) ### Findings #### Correctness - All four changes are minimal and accurate. Adding `: int` to path parameters (`pack_id`, `player_id`, `team_id`) causes FastAPI to coerce and validate the value before the handler is invoked, returning a clean 422 Unprocessable Entity for non-integer inputs rather than passing a string to `get_by_id()` and letting the ORM raise an unhandled exception. - Each changed function already has a `try/except Exception → HTTPException(404)` guard beneath the signature change — the annotation does not break or bypass that logic. - The PR description accurately describes all four changed locations and the mechanism of the fix. #### Security - Positive security change: FastAPI's built-in `int` coercion prevents non-numeric values from ever reaching the ORM query layer, reducing the attack surface for malformed path parameters. - No new attack surface introduced. #### Style & Conventions - Changes are minimal and focused, consistent with project conventions. - No unnecessary abstractions or over-engineering. #### Suggestions - There may be additional untyped path parameters elsewhere in `routers_v2/` (e.g. in `gauntlets.py`, `scouting.py`). Worth a follow-up sweep if issue #27 didn't enumerate all of them. ### Verdict: APPROVED Clean, correct, focused fix. All four annotations match the PR description exactly, follow FastAPI conventions, and improve input validation with no side effects. > Note: Gitea does not permit self-approval; posted as COMMENT. Recommend merging. --- *Automated review by Claude PR Reviewer*
cal added
ai-reviewed
 and removed
ai-reviewing
 labels 2026-03-03 22:48:16 +00:00
cal force-pushed ai/paper-dynasty-database#27 from 8f3f4d1d58 to 5f86c8cb20 2026-03-05 03:18:42 +00:00 Compare
cal merged commit 9096a4b976 into next-release 2026-03-05 03:18:51 +00:00
cal deleted branch ai/paper-dynasty-database#27 2026-03-05 03:18:51 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
ai-changes-requested

   
ai-failed

   
ai-merged

PR merged by AI ops agent

  
ai-pr-opened

   
ai-reviewed

   
ai-reviewing

   
ai-reviewing

   
ai-working

   
bug

   
enhancement

   
evolution

Card Evolution system

  
performance

   
phase-0

Render Pipeline Optimization

  
phase-1a

Schema & Data Foundation

  
phase-1b

API & Formula Engine

  
phase-1c

Bot Integration

  
phase-1d

Deployment

  
security

   
tech-debt

   
todo
No Label
ai-changes-requested
ai-failed
ai-merged
ai-pr-opened
ai-reviewed
ai-reviewing
ai-reviewing
ai-working
bug
enhancement
evolution
performance
phase-0
phase-1a
phase-1b
phase-1c
phase-1d
security
tech-debt
todo
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: cal/paper-dynasty-database#43
No description provided.
Delete Branch "ai/paper-dynasty-database#27"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?