[Audit] drogon: /json pre-computes totals at startup instead of per-request #64

@jerrythetruckdriver

Violation

File: frameworks/drogon/main.cc

What happens

In loadDataset() (line ~80), totals are pre-computed and stored in the DataItem struct at startup:

item.total = std::round(item.price * item.quantity * 100.0) / 100.0;
dataset.push_back(std::move(item));

The /json handler then just reads the pre-computed value:

item["total"] = d.total;

What the spec requires

On each GET /json request, must iterate all 50 items and compute total = price × quantity for each
Must NOT pre-compute totals at startup and cache the response — must compute per-request

The total multiplication needs to happen inside the request handler, not at startup. Pre-loading the dataset into memory is fine (spec says to do this), but the total field computation must be per-request work.

Suggested fix

Remove total from the DataItem struct. Compute it inside the /json handler:

item["total"] = std::round(d.price * d.quantity * 100.0) / 100.0;

And update the struct to not store total:

struct DataItem {
    int64_t id;
    std::string name, category;
    double price;
    int quantity;
    bool active;
    std::vector<std::string> tags;
    Rating rating;
    // remove: double total;
};

Note

The same pattern applies to /compression via loadDatasetLarge(), where totals are also pre-computed and the entire JSON response is pre-serialized at startup. That's a gray area per the spec (compression may pre-serialize JSON but should compute totals per-request), but worth reviewing too.
