[enhancement] Add input validation to backend search endpoint #29

@pragnyanramtha

Description

Enhancement Description

The /api/search endpoint accepts a q query parameter without any validation. This could lead to issues with extremely long strings or malicious input.

Location

backend/routers/medicines.py (lines 110-118)

Current Code

```python
@router.get("/search", response_model=List[Medicine])
def search_medicines(
    q: str,
    category: Optional[str] = None,
    limit: int = 20,
    offset: int = 0
):
    try:
        query = supabase.table("medicines").select("*").ilike("medicine_name", f"%{q}%")
```

Problem

  • No maximum length validation on q parameter
  • No sanitization of input
  • Could cause performance issues with very long strings
  • Potential for abuse

Suggested Fix

Add validation:

```python
from typing import Optional

from pydantic import BaseModel, validator


class SearchQuery(BaseModel):
    q: str
    category: Optional[str] = None
    limit: int = 20
    offset: int = 0

    @validator('q')
    def q_must_be_valid(cls, v):
        # Reject oversized input before doing any further work on it
        if len(v) > 100:
            raise ValueError('Query too long (max 100 chars)')
        # Whitespace-only queries are treated as empty
        if not v.strip():
            raise ValueError('Query cannot be empty')
        return v.strip()
```
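The following is an added example, not code from this repository or from the issue author. It models the proposed rules with the standard library only (no pydantic or FastAPI needed to run it) and adds one check the issue's "no sanitization" bullet points at but does not spell out: the endpoint builds its pattern as `f"%{q}%"`, and PostgreSQL's ILIKE treats `%` and `_` as wildcards, so a `q` of `%` matches every row. The `escape_like` helper, the `MAX_LIMIT` bound on `limit`, the `offset >= 0` check and all function names are assumptions for illustration; whether backslash escaping survives the Supabase client's URL encoding should be confirmed against the deployed client version.

```python
"""Stdlib-only model of the validation proposed for /api/search (added example)."""
from dataclasses import dataclass
from typing import Optional

MAX_QUERY_LEN = 100      # from the issue's suggested validator
MAX_LIMIT = 100          # assumption: cap page size so one request cannot pull the table
_LIKE_ESCAPE = "\\"      # PostgreSQL's default LIKE/ILIKE escape character


class SearchValidationError(ValueError):
    """Input that should be rejected with a 4xx before any database query runs."""


@dataclass(frozen=True)
class SearchQuery:
    q: str
    category: Optional[str] = None
    limit: int = 20
    offset: int = 0


def escape_like(value: str) -> str:
    """Escape characters ILIKE treats specially so user input matches literally.

    Without this a q of '%' becomes the pattern '%%%' and matches every row.
    The escape character itself is doubled first so it cannot neutralise the
    escapes added afterwards.
    """
    return (
        value.replace(_LIKE_ESCAPE, _LIKE_ESCAPE * 2)
        .replace("%", _LIKE_ESCAPE + "%")
        .replace("_", _LIKE_ESCAPE + "_")
    )


def validate_search(q: str, category: Optional[str] = None,
                    limit: int = 20, offset: int = 0) -> SearchQuery:
    """Apply the issue's rules (plus assumed limit/offset bounds) and normalise."""
    if not isinstance(q, str):
        raise SearchValidationError("q must be a string")
    # Length is checked before stripping so a long run of spaces is still rejected.
    if len(q) > MAX_QUERY_LEN:
        raise SearchValidationError(f"Query too long (max {MAX_QUERY_LEN} chars)")
    q = q.strip()
    if not q:
        raise SearchValidationError("Query cannot be empty")
    if category is not None:
        category = category.strip() or None
        if category is not None and len(category) > MAX_QUERY_LEN:
            raise SearchValidationError(f"category too long (max {MAX_QUERY_LEN} chars)")
    if not 1 <= limit <= MAX_LIMIT:
        raise SearchValidationError(f"limit must be between 1 and {MAX_LIMIT}")
    if offset < 0:
        raise SearchValidationError("offset must be >= 0")
    return SearchQuery(q=q, category=category, limit=limit, offset=offset)


def is_acceptable(q: str, limit: int = 20, offset: int = 0) -> bool:
    """True if the input passes validation; convenient for tests and handlers."""
    try:
        validate_search(q, limit=limit, offset=offset)
    except SearchValidationError:
        return False
    return True


def ilike_pattern(query: SearchQuery) -> str:
    """The pattern the endpoint would hand to .ilike(), with wildcards escaped."""
    return f"%{escape_like(query.q)}%"


if __name__ == "__main__":
    ok = validate_search("  aspirin ")
    print(ok, ilike_pattern(ok))                  # constructed sample input
    for bad in ["", "   ", "x" * 101, "50%"]:
        print(f"{bad[:10]!r}: accepted={is_acceptable(bad)}")
```

In the real FastAPI handler the same length and non-empty rules can be declared directly on the parameter with `q: str = Query(..., min_length=1, max_length=100)`, which makes FastAPI return a 422 before the function body runs; the wildcard escaping still has to happen in code, since no declarative constraint knows the value is going into an ILIKE pattern.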

Impact

  • Better security
  • Prevents abuse
  • Improved performance

Labels

enhancement, backend, security, good first issue
