From d2b919cd66f4d78cd0c72febfd90af6cfb13c5ff Mon Sep 17 00:00:00 2001
From: Dylan De Faoite
Date: Sat, 14 Mar 2026 17:35:05 +0000
Subject: [PATCH] fix(api): enforce integer limit and cap at 1000 in scrape_data function
---
 server/app.py | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/server/app.py b/server/app.py
index 3504325..95ba846 100644
--- a/server/app.py
+++ b/server/app.py
@@ -150,16 +150,20 @@ def scrape_data():
 if "name" not in source:
 return jsonify({"error": "Each source must contain a name"}), 400
- if "limit" in source:
- try:
- source["limit"] = int(source["limit"])
- except (ValueError, TypeError):
- return jsonify({"error": "Limit must be an integer"}), 400
-
 name = source["name"]
+ limit = source.get("limit", 1000)
 category = source.get("category")
 search = source.get("search")
+ if limit:
+ try:
+ limit = int(limit)
+ except (ValueError, TypeError):
+ return jsonify({"error": "Limit must be an integer"}), 400
+
+ if limit > 1000:
+ limit = 1000
+
 if name not in connector_metadata:
 return jsonify({"error": "Source not supported"}), 400
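Review bot: The `if limit:` guard lets every falsy value (`0`, `""`, `null`, `[]`, `false`) skip both the integer check and the cap, and nothing rejects negative numbers, so the 1000 ceiling this commit adds can be sidestepped depending on how the connector treats such values. Because indentation is lost on this page it is unclear whether `if limit > 1000:` sits inside that guard; if it does not, a non-numeric falsy value such as `null` or `[]` raises an uncaught `TypeError` there. `int()` also raises `OverflowError` for a float infinity, which Python's JSON parser accepts as `Infinity`, and the `except` clause does not catch it. I would convert unconditionally, reject values below 1 (or below 0 if zero is meaningful) and clamp with `min`, as below. The rest of `scrape_data` is outside the hunk, so confirm that it passes the local `limit` on rather than `source["limit"]`, which is no longer normalised.

```python
limit = source.get("limit", 1000)
# … unchanged: category and search lookups …
try:
    limit = int(limit)
except (ValueError, TypeError, OverflowError):
    return jsonify({"error": "Limit must be an integer"}), 400
if limit < 1:
    return jsonify({"error": "Limit must be a positive integer"}), 400
limit = min(limit, 1000)
```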