Description
The `POST /api/confirm` endpoint accepts a raw `dict` body instead of a Pydantic model, bypassing FastAPI's automatic validation:

```python
# main.py line 241
@app.post("/api/confirm")
async def confirm_action(body: dict):
    request_id = body.get("request_id")
    confirmed = body.get("confirmed")
```

This means:
- No type validation (`confirmed` could be a string, int, or absent)
- No automatic OpenAPI schema generation
- Manual null checks instead of Pydantic enforcement
Fix
Create a Pydantic model:

```python
from pydantic import BaseModel


class ConfirmRequest(BaseModel):
    request_id: str
    confirmed: bool
```

Replace `body: dict` with `body: ConfirmRequest`.
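
An added example, not part of the original issue or the project's code: it compares how the same request bodies are treated by a raw `dict` handler, by the proposed `ConfirmRequest` model, and by a stricter variant. `StrictConfirmRequest`, the helper functions, the truthiness check standing in for the handler's logic, and the sample bodies are assumptions constructed for illustration; only `pydantic` is required.

```python
from typing import Optional, Type

from pydantic import BaseModel, StrictBool, StrictStr, ValidationError


class ConfirmRequest(BaseModel):
    """The model proposed in the issue (Pydantic's default, lax validation)."""
    request_id: str
    confirmed: bool


class StrictConfirmRequest(BaseModel):
    """Hypothetical stricter variant: no type coercion at all."""
    request_id: StrictStr
    confirmed: StrictBool


def raw_dict_confirmed(body: dict) -> bool:
    """Assumed handler logic for `body: dict`: a plain truthiness check."""
    return bool(body.get("confirmed"))


def model_confirmed(model: Type[BaseModel], body: dict) -> Optional[bool]:
    """Return the validated flag, or None where FastAPI would answer 422."""
    try:
        return model(**body).confirmed
    except ValidationError:
        return None


def compare(body: dict) -> dict:
    """Outcome of one request body under each of the three approaches."""
    return {
        "raw_dict": raw_dict_confirmed(body),
        "lax_model": model_confirmed(ConfirmRequest, body),
        "strict_model": model_confirmed(StrictConfirmRequest, body),
    }


# Constructed sample bodies, not taken from the project.
SAMPLES = [
    {"request_id": "req-1", "confirmed": True},
    {"request_id": "req-1", "confirmed": "false"},  # string, truthy in Python
    {"request_id": "req-1", "confirmed": "yes"},    # coerced by lax bool
    {"request_id": "req-1"},                        # field absent
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", compare(sample))
```

The proposed model already rejects an absent `confirmed` and stops the string `"false"` from counting as a confirmation; the strict variant additionally refuses strings such as `"yes"` that a plain `bool` field coerces to `True`.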