Commit 26d0de6

nanotaboada, Copilot and claude committed
fix(api): add squad number mismatch guard and update README (#418)
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
1 parent 08455c9 commit 26d0de6

2 files changed

Lines changed: 19 additions & 5 deletions

README.md

Lines changed: 2 additions & 2 deletions
@@ -220,8 +220,8 @@ Interactive API documentation is available via Swagger UI at `https://localhost:
220220
- `GET /players/{id:Guid}` - Get player by ID (requires authentication)
221221
- `GET /players/squadNumber/{squadNumber:int}` - Get player by squad number
222222
- `POST /players` - Create new player
223-
- `PUT /players/squadNumber/{squadNumber}` - Update player
224-
- `DELETE /players/squadNumber/{squadNumber}` - Remove player
223+
- `PUT /players/squadNumber/{squadNumber:int}` - Update player
224+
- `DELETE /players/squadNumber/{squadNumber:int}` - Remove player
225225
- `GET /health` - Health check
226226

227227
For complete endpoint documentation with request/response schemas, explore the [interactive Swagger UI](https://localhost:9000/swagger/index.html).
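
Review bot: The `PUT /players/squadNumber/{squadNumber:int}` entry at new line 223 still reads only "Update player", so the README does not mention the behaviour this commit introduces: a 400 response when the squad number in the request body differs from the one in the route. Suggest extending that line, for example "Update player (squad number in the body must match the route, otherwise 400 Bad Request)". Separately, the controller hunk in this commit does not touch any route template, so please confirm the PUT and DELETE routes in `PlayerController.cs` already carry the `:int` constraint that lines 223-224 now document.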

src/Dotnet.Samples.AspNetCore.WebApi/Controllers/PlayerController.cs

Lines changed: 17 additions & 3 deletions
@@ -188,11 +188,25 @@ [FromBody] PlayerRequestModel player
188188
logger.LogWarning("PUT /players/squadNumber/{SquadNumber} not found", squadNumber);
189189
return TypedResults.NotFound();
190190
}
191+
if (player.SquadNumber != squadNumber)
192+
{
193+
logger.LogWarning(
194+
"PutAsync squad number mismatch: route {SquadNumber} != body {PlayerSquadNumber}",
195+
squadNumber,
196+
player.SquadNumber
197+
);
198+
return TypedResults.BadRequest(
199+
new
200+
{
201+
Error = "Squad number in the route does not match squad number in the request body."
202+
}
203+
);
204+
}
191205
await playerService.UpdateAsync(player);
192206
// Sanitize user-provided player data before logging to prevent log forging
193-
var sanitizedPlayerString = player?
194-
.ToString()?
195-
.Replace(Environment.NewLine, string.Empty)
207+
var sanitizedPlayerString = player
208+
?.ToString()
209+
?.Replace(Environment.NewLine, string.Empty)
196210
.Replace("\r", string.Empty)
197211
.Replace("\n", string.Empty);
198212
logger.LogInformation(
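
Review bot: `player.SquadNumber` at new line 191 is dereferenced unconditionally, while new lines 207-209 still treat `player` as possibly null (`player ?.ToString()`), so the two disagree about whether the body can be null. If a null body can reach this action, the comparison needs a guard (or an earlier 400 for a missing body); if it cannot, drop the null-conditional operators so the sanitizing code does not suggest otherwise. The mismatch check also sits after the not-found check at lines 188-190, so a mismatched request gets 404 or 400 depending on whether the route's squad number exists; the comparison needs only the route value and the body, so it can run before the lookup and reject the malformed request first. Minor style point: the new template starts with "PutAsync squad number mismatch" while the warning at line 188 uses the "PUT /players/squadNumber/{SquadNumber} ..." form; keeping one convention makes these entries easier to search and alert on together.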
