From e05af11db80ea992b9fba8c4e8539f77153b0af8 Mon Sep 17 00:00:00 2001
From: WorldTeacher
Date: Wed, 3 Dec 2025 14:53:54 +0100
Subject: [PATCH] fix(api): enforce query formatting
---
 api_service.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/api_service.py b/api_service.py
index 1ea1b83..d4026cc 100644
--- a/api_service.py
+++ b/api_service.py
@@ -11,6 +11,7 @@ import logging
 import os
 import re
 import time
+import urllib.parse
 from contextlib import asynccontextmanager
 from typing import TYPE_CHECKING, Any
@@ -30,7 +31,7 @@ redis_client = None
 @asynccontextmanager
 async def _lifespan(_app: FastAPI) -> AsyncIterator[None]:
 """Lifespan handler: connect to Redis on startup and close on shutdown."""
- global redis_client
+ global redis_client # type: ignore[PLW0603]
 if REDIS_URL:
 try:
 import redis.asyncio as aioredis
@@ -160,6 +161,10 @@ async def _cache_set(key: str, value: CacheValue, ttl: int = CACHE_TTL_SECONDS)
 async def validate_signature(signature: str = Query(...)) -> JSONResponse:
 """Validate a book signature and return total pages."""
 # check cache first
+ # ensure signature is stripped of leading/trailing whitespace
+ signature = signature.strip()
+ # enforce url quotes
+ signature = urllib.parse.quote(signature)
 cache_key = f"signature:{signature}"
 cached = await _cache_get(cache_key)
 if cached is not None:
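Review bot: The suppression added to the `global redis_client` line in `_lifespan` uses type-checker syntax with a linter rule code, so it probably does not silence the warning it targets. PLW0603 is the Ruff/Pylint global-statement rule, which is suppressed with `# noqa`, while `# type: ignore[...]` is only read by the type checker and may itself be reported as an unused ignore. Suggest `global redis_client  # noqa: PLW0603`. The rest of `_lifespan` lies outside the hunk.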
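Review bot: In `validate_signature` the request value is normalised and then used directly in the cache key, with no check that anything remains after `strip()` and no bound on its length or character set. A whitespace-only `signature` still satisfies `Query(...)` and ends up as the key `signature:`, and every distinct long or unusual value gets its own cache entry; consider `if not signature: raise HTTPException(status_code=422, detail="signature must not be empty")` right after the strip and a `max_length=` on the `Query`. `urllib.parse.quote` leaves `/` unescaped by default and re-encodes any `%` already present, so if the value is later interpolated into a URL path segment (the rest of the function is outside the hunk) `urllib.parse.quote(signature, safe="")` is the safer form, and the cache key is better built from the stripped, unquoted value. The existing `# check cache first` comment now sits above the normalisation instead of the cache lookup and should move down to the `cache_key` line.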