fix: validate price_id format to reject invalid characters #11

Open
Washio20 wants to merge 1 commit into stayforge:main from Washio20:fix/bug-4

Washio20 commented Feb 22, 2026

Summary

  • Add pattern: ^[a-zA-Z0-9_-]+$ regex validation to all price_id fields in the OpenAPI spec
  • This prevents invalid characters (e.g., Chinese characters, special symbols) from being accepted as pricing IDs

Root Cause

The price_id field in the device schemas (DeviceProperties, DeviceUpdate) had no format validation, allowing any string including non-alphanumeric characters to be submitted. Stripe pricing IDs only contain alphanumeric characters, hyphens, and underscores.

Changes

  • openapi.yaml: Added pattern: ^[a-zA-Z0-9_-]+$ to price_id fields in DeviceProperties and DeviceUpdate schemas
  • openapi.json: Same pattern added to the corresponding JSON definitions

Testing

  • Verified the regex pattern ^[a-zA-Z0-9_-]+$ correctly:
    • Accepts: price_1234, price-abc, priceABC123
    • Rejects: strings containing Chinese characters, spaces, or other special characters

Closes #4

Summary by CodeRabbit

  • Chores
    • API schema: device-related price_id fields now must contain only letters, numbers, underscores, or hyphens (pattern ^[a-zA-Z0-9_-]+$).
    • Device update endpoints: price_id remains nullable but, if provided, must match the same allowed-format pattern.
    • Result: tighter validation for price identifiers to prevent invalid values when creating or updating devices.
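
An added example, not part of the PR or the project's code: the Testing checks above run in Python against the same pattern, plus one case they do not list. Python's `$` also matches just before a trailing newline, so a check that applies the pattern with `re.search` accepts `price_1234\n`; `validate_price_id` is a hypothetical strict helper and the sample values are constructed.

```python
import re

# Pattern exactly as added to the price_id fields in this PR.
PRICE_ID_PATTERN = r"^[a-zA-Z0-9_-]+$"

# Constructed sample inputs: the three accepted values from the PR's Testing
# section, plus values that should be rejected.
SAMPLES = [
    "price_1234",
    "price-abc",
    "priceABC123",
    "价格_123",        # non-ASCII characters (the case from issue #4)
    "price 123",       # space
    "",                # empty string: '+' requires at least one character
    "price_1234\n",    # trailing newline
]


def search_match(value: str) -> bool:
    """Apply the pattern with re.search, anchored only by its own ^ and $."""
    return re.search(PRICE_ID_PATTERN, value) is not None


def validate_price_id(value) -> bool:
    """Hypothetical strict server-side check for a nullable price_id."""
    if value is None:          # DeviceUpdate.price_id is nullable
        return True
    if not isinstance(value, str):
        return False
    # fullmatch must consume the whole string, so the trailing newline that
    # '$' tolerates under re.search is rejected here.
    return re.fullmatch(PRICE_ID_PATTERN, value) is not None


def disagreements(samples):
    """Return the samples where the two checks give different answers."""
    return [s for s in samples if search_match(s) != validate_price_id(s)]


if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:16} search={search_match(s)!s:5} strict={validate_price_id(s)}")
    print("differ on:", disagreements(SAMPLES))
```
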

Copilot AI review requested due to automatic review settings February 22, 2026 00:03
coderabbitai bot commented Feb 22, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ef6689c and 9f8af77.

📒 Files selected for processing (2)
  • openapi.json
  • openapi.yaml
🚧 Files skipped from review as they are similar to previous changes (2)
  • openapi.yaml
  • openapi.json

📝 Walkthrough

Added regex validation ^[a-zA-Z0-9_-]+$ to price_id in OpenAPI device schemas: DeviceProperties.price_id and nullable DeviceUpdate.price_id, restricting values to ASCII letters, digits, underscores, and hyphens (rejects Chinese and other non-allowed glyphs).

Changes

| Cohort / File(s) | Summary |
|---|---|
| OpenAPI schemas: openapi.json, openapi.yaml | Added pattern: "^[a-zA-Z0-9_-]+$" to DeviceProperties.price_id and to nullable DeviceUpdate.price_id, enforcing ASCII alphanumeric characters, underscores, and hyphens; addresses issue where Chinese characters were previously accepted. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 I hopped through schemas, stitched a tiny gate,
Only letters, numbers, underscores, and straight,
No hanzi or symbols tucked under the rug,
Price_ids now tidy — the validator snug,
A small rabbit fix, quick as a sprightly skate.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately captures the main change: adding validation pattern to reject invalid characters in price_id field. |
| Linked Issues check | ✅ Passed | The PR successfully addresses issue #4 by adding regex pattern validation to price_id in DeviceProperties and DeviceUpdate to reject non-ASCII characters and enforce Stripe ID format. |
| Out of Scope Changes check | ✅ Passed | All changes are scoped to adding pattern validation to price_id fields in openapi.yaml and openapi.json, directly addressing the linked issue requirement. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

Copilot AI left a comment

Pull request overview

This pull request adds regex pattern validation to the price_id field in the OpenAPI specification to enforce Stripe-compatible pricing ID formats. The change addresses issue #4, which reported that the API was accepting invalid characters (e.g., Chinese characters) in the price_id field, potentially causing billing issues.

Changes:

  • Added pattern: ^[a-zA-Z0-9_-]+$ validation to price_id fields in both DeviceProperties and DeviceUpdate schemas
  • Applied changes consistently to both openapi.yaml and openapi.json files

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

| File | Description |
|---|---|
| openapi.yaml | Added regex pattern validation to price_id in DeviceProperties schema (line 5789) and DeviceUpdate schema (line 5974) to restrict input to alphanumeric characters, underscores, and hyphens |
| openapi.json | Added regex pattern validation to price_id in DeviceProperties schema (line 7323) and DeviceUpdate schema (line 7484), matching the YAML changes |

type: string
nullable: true
pattern: ^[a-zA-Z0-9_-]+$
description: Stripe price ID for billing purposes.
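
Review bot: with `nullable: true` next to a pattern that ends in `+`, on the `pattern:` line, `null` still validates but the empty string no longer does, so a client that clears the price by sending `""` will start getting validation errors. State in the description that `null` is the way to unset the field, or confirm that no existing caller sends an empty string.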

Copilot AI Feb 22, 2026

Consider updating the description to document the validation pattern, similar to how device_id documents its format constraints. For example: "Stripe price ID for billing purposes. Must contain only alphanumeric characters, underscores, or hyphens." This would help API consumers understand the validation requirements without needing to inspect the schema.

Suggested change
description: Stripe price ID for billing purposes.
description: Stripe price ID for billing purposes. Must contain only alphanumeric characters, underscores (_), or hyphens (-).

"type": "string",
"nullable": true,
"pattern": "^[a-zA-Z0-9_-]+$",
"description": "Stripe price ID for billing purposes."
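
Review bot: the `"pattern"` line constrains the character set only; nothing in the lines shown bounds the length, so an arbitrarily long run of allowed characters still validates. Add a `maxLength` beside the pattern that reflects the longest price ID the billing integration is expected to store.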

Copilot AI Feb 22, 2026

Consider updating the description to document the validation pattern, similar to how device_id documents its format constraints. For example: "Stripe price ID for billing purposes. Must contain only alphanumeric characters, underscores, or hyphens." This would help API consumers understand the validation requirements without needing to inspect the schema.

Suggested change
"description": "Stripe price ID for billing purposes."
"description": "Stripe price ID for billing purposes.\nMust contain only alphanumeric characters, underscores (_), or hyphens (-).\n"

Washio20 changed the title from "fix: validate price_id field to reject non-alphanumeric characters" to "fix: validate price_id field to reject invalid characters" Feb 27, 2026
Washio20 changed the title from "fix: validate price_id field to reject invalid characters" to "fix: add regex pattern validation to price_id field to reject invalid characters" Feb 27, 2026
…ayforge#4)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Washio20 changed the title from "fix: add regex pattern validation to price_id field to reject invalid characters" to "fix: validate price_id format to reject invalid characters" Mar 1, 2026
Development

Successfully merging this pull request may close these issues.

[Bug]price_id Field Accepts Chinese Characters (Invalid Input Not Rejected)