From 455386de9fb6ec53b957f5ba62216f29e13eb5c1 Mon Sep 17 00:00:00 2001
From: Dhara Pandya
Date: Wed, 4 Mar 2026 10:49:06 +0530
Subject: [PATCH] fix: enforce catalog integrity for order item creation
---
 backend/db.js | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/backend/db.js b/backend/db.js
index 34e5835..dcf61dc 100644
--- a/backend/db.js
+++ b/backend/db.js
@@ -242,6 +242,9 @@ export const database = {
 createOrder({ spotId, userId, items }) {
 const parsedItems = items.map((item) => {
+ if ('name' in item || 'unitPrice' in item || 'total' in item) {
+ throw new Error('Do not provide name, unitPrice, or total. These are derived from catalog. ')
+ }
 const quantity = Number(item.quantity || 0);
 if (!item.productId || !Number.isInteger(quantity) || quantity <= 0) {
 throw new Error('Each order item must include productId and a positive integer quantity');
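Review bot: The guard added at the top of the `items.map` callback is a denylist of three keys, so any other client-supplied pricing field (for example a hypothetical `price` or `discount` key) still passes it. Whether that matters depends on how the rest of `createOrder` builds the stored item, which lies outside this hunk. An allowlist states the contract more tightly: `const extra = Object.keys(item).filter((k) => k !== 'productId' && k !== 'quantity');` followed by `if (extra.length > 0) throw new Error(...)`, extended with any other field callers legitimately send. Separately, `'name' in item` throws a TypeError when an item is `null` or a primitive, so a malformed payload surfaces as a runtime error instead of the validation message; a preceding `if (item === null || typeof item !== 'object')` check would keep the rejection uniform. The new message also ends in a trailing space, and the `throw` line lacks the semicolon used on the surrounding lines.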