fix: validate price_id format to reject invalid characters

[Washio20]

Summary

• Add pattern: ^[a-zA-Z0-9_-]+$ regex validation to all price_id fields in the OpenAPI spec
• This prevents invalid characters (e.g., Chinese characters, special symbols) from being accepted as pricing IDs

Root Cause

The price_id field in the device schemas (DeviceProperties, DeviceUpdate) had no format validation, allowing any string including non-alphanumeric characters to be submitted. Stripe pricing IDs only contain alphanumeric characters, hyphens, and underscores.

Changes

• openapi.yaml: Added pattern: ^[a-zA-Z0-9_-]+$ to price_id fields in DeviceProperties and DeviceUpdate schemas
• openapi.json: Same pattern added to the corresponding JSON definitions

Testing

• Verified the regex pattern ^[a-zA-Z0-9_-]+$ correctly:
  • Accepts: price_1234, price-abc, priceABC123
  • Rejects: strings containing Chinese characters, spaces, or other special characters

Closes #4

Summary by CodeRabbit

• Chores
  • API schema: device-related price_id fields now must contain only letters, numbers, underscores, or hyphens (pattern ^[a-zA-Z0-9_-]+$).
  • Device update endpoints: price_id remains nullable but, if provided, must match the same allowed-format pattern.
  • Result: tighter validation for price identifiers to prevent invalid values when creating or updating devices.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ef6689c and 9f8af77.

📒 Files selected for processing (2)

• openapi.json
• openapi.yaml

🚧 Files skipped from review as they are similar to previous changes (2)

• openapi.yaml
• openapi.json

---

📝 Walkthrough

Walkthrough

Added regex validation ^[a-zA-Z0-9_-]+$ to price_id in OpenAPI device schemas: DeviceProperties.price_id and nullable DeviceUpdate.price_id, restricting values to ASCII letters, digits, underscores, and hyphens (rejects Chinese and other non-allowed glyphs).

Changes

Cohort / File(s)	Summary
OpenAPI schemas openapi.json, openapi.yaml	Added pattern: "^[a-zA-Z0-9_-]+$" to DeviceProperties.price_id and to nullable DeviceUpdate.price_id, enforcing ASCII alphanumeric characters, underscores, and hyphens; addresses issue where Chinese characters were previously accepted.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 I hopped through schemas, stitched a tiny gate,
Only letters, numbers, underscores, and straight,
No hanzi or symbols tucked under the rug,
Price_ids now tidy — the validator snug,
A small rabbit fix, quick as a sprightly skate.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately captures the main change: adding validation pattern to reject invalid characters in price_id field.
Linked Issues check	✅ Passed	The PR successfully addresses issue #4 by adding regex pattern validation to price_id in DeviceProperties and DeviceUpdate to reject non-ASCII characters and enforce Stripe ID format.
Out of Scope Changes check	✅ Passed	All changes are scoped to adding pattern validation to price_id fields in openapi.yaml and openapi.json, directly addressing the linked issue requirement.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This pull request adds regex pattern validation to the price_id field in the OpenAPI specification to enforce Stripe-compatible pricing ID formats. The change addresses issue #4, which reported that the API was accepting invalid characters (e.g., Chinese characters) in the price_id field, potentially causing billing issues.

Changes:

• Added pattern: ^[a-zA-Z0-9_-]+$ validation to price_id fields in both DeviceProperties and DeviceUpdate schemas
• Applied changes consistently to both openapi.yaml and openapi.json files

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
openapi.yaml	Added regex pattern validation to price_id in DeviceProperties schema (line 5789) and DeviceUpdate schema (line 5974) to restrict input to alphanumeric characters, underscores, and hyphens
openapi.json	Added regex pattern validation to price_id in DeviceProperties schema (line 7323) and DeviceUpdate schema (line 7484), matching the YAML changes

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Consider updating the description to document the validation pattern, similar to how device_id documents its format constraints. For example: "Stripe price ID for billing purposes. Must contain only alphanumeric characters, underscores, or hyphens." This would help API consumers understand the validation requirements without needing to inspect the schema.

Suggested change

	description: Stripe price ID for billing purposes.
	description: Stripe price ID for billing purposes. Must contain only alphanumeric characters, underscores (_), or hyphens (-).

[Copilot]

Consider updating the description to document the validation pattern, similar to how device_id documents its format constraints. For example: "Stripe price ID for billing purposes. Must contain only alphanumeric characters, underscores, or hyphens." This would help API consumers understand the validation requirements without needing to inspect the schema.

Suggested change

	"description": "Stripe price ID for billing purposes."
	"description": "Stripe price ID for billing purposes.\nMust contain only alphanumeric characters, underscores (_), or hyphens (-).\n"