From 9f8af77ec3b188a9a93996cc39b44a6e888623ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B9=BE=E7=94=B0=E7=B4=94=E5=B9=B3?=
 <iktahana@iktahana-Mac-mini.local>
Date: Mon, 2 Mar 2026 01:03:13 +0900
Subject: [PATCH] fix: validate price_id format to reject invalid characters
 (Closes stayforge/Stayforge-API#4)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 openapi.json | 4 +++-
 openapi.yaml | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/openapi.json b/openapi.json
index 0eaa63b..b7d6ead 100644
--- a/openapi.json
+++ b/openapi.json
@@ -7320,6 +7320,7 @@
           "price_id": {
             "type": "string",
             "nullable": true,
+            "pattern": "^[a-zA-Z0-9_-]+$",
             "description": "Stripe price ID for billing purposes."
           },
           "status": {
@@ -7479,7 +7480,8 @@
               },
               "price_id": {
                 "type": "string",
-                "nullable": true
+                "nullable": true,
+                "pattern": "^[a-zA-Z0-9_-]+$"
               },
               "status": {
                 "$ref": "#/components/schemas/DeviceStatus"
diff --git a/openapi.yaml b/openapi.yaml
index 44affef..500788b 100644
--- a/openapi.yaml
+++ b/openapi.yaml
@@ -5786,6 +5786,7 @@ components:
         price_id:
           type: string
           nullable: true
+          pattern: ^[a-zA-Z0-9_-]+$
           description: Stripe price ID for billing purposes.
         status:
           $ref: '#/components/schemas/DeviceStatus'
@@ -5970,6 +5971,7 @@ components:
           price_id:
             type: string
             nullable: true
+            pattern: ^[a-zA-Z0-9_-]+$
           status:
             $ref: '#/components/schemas/DeviceStatus'
           metadata: