From 695675132ae0d8d0349258e5b76276fe521cf11b Mon Sep 17 00:00:00 2001
From: Katherine Bargar <kbargar@fivecolleges.edu>
Date: Thu, 2 Oct 2025 20:13:24 +0000
Subject: [PATCH 1/2] Allow strings but parse ints by default

---
 app/main.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/app/main.py b/app/main.py
index ffbce1c..41d9f29 100644
--- a/app/main.py
+++ b/app/main.py
@@ -1,5 +1,5 @@
 from dotenv import load_dotenv
-from fastapi import APIRouter, FastAPI, Request, Response
+from fastapi import APIRouter, FastAPI, HTTPException, Request, Response
 from fastapi.routing import APIRoute
 from json2xml import json2xml
 from json2xml.utils import readfromstring
@@ -40,11 +40,15 @@ async def read_root():
 
 @router.get("/items/{barcode}")
 async def read_item(
-    barcode: int,
+    barcode: str,
     format: Optional[str] = "xml",
     replace: Optional[bool] = True,
     transform: Optional[bool] = True,
 ):
+    barcode_rx = os.getenv('BARCODE_REGEX', r'\d+')
+    if re.fullmatch(barcode_rx, barcode) is None:
+        raise HTTPException(status_code=400, detail="invalid barcode")
+
     url = f"{os.getenv('OKAPI_URL')}/inventory/items"
     params = {"query": f"(barcode=={barcode})"}
     headers = {

From 5628c91111a14072aeb4c24366b9ff9d644be981 Mon Sep 17 00:00:00 2001
From: Katherine Bargar <kbargar@fivecolleges.edu>
Date: Thu, 2 Oct 2025 20:19:01 +0000
Subject: [PATCH 2/2] Add the new env variable to the .env example

---
 .env.example | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.env.example b/.env.example
index c8e3c64..ef5a110 100644
--- a/.env.example
+++ b/.env.example
@@ -2,3 +2,4 @@ OKAPI_URL=CHANGEME
 OKAPI_TENANT=CHANGEME
 OKAPI_USER=CHANGEME
 OKAPI_PASSWORD=CHANGEME
+BARCODE_REGEX=CHANGEORREMOVEME