From 03f3e72a643f48382a63aa7402e7a59c0bb44fbc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B9=BE=E7=94=B0=E7=B4=94=E5=B9=B3?=
Date: Mon, 23 Feb 2026 17:06:22 +0900
Subject: [PATCH] fix: add input validation for sn and price_id fields (Closes stayforge/Stayforge-API#3, Closes stayforge/Stayforge-API#4) Add regex pattern validation (^[a-zA-Z0-9_-]+$) to sn and price_id fields across DeviceProperties, DeviceInput, DeviceUpdate, and DeviceInfo schemas in both openapi.yaml and openapi.json. This prevents Chinese characters and other non-ASCII input from being accepted in these fields.
Co-Authored-By: Claude Opus 4.6
---
 openapi.json | 10 ++++++++--
 openapi.yaml | 6 ++++++
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/openapi.json b/openapi.json
index 0eaa63b..8417173 100644
--- a/openapi.json
+++ b/openapi.json
@@ -7308,6 +7308,7 @@
 "sn": {
 "type": "string",
 "nullable": true,
+ "pattern": "^[a-zA-Z0-9_-]+$",
 "description": "Serial number of the device."
 },
 "display_name": {
@@ -7320,6 +7321,7 @@
 "price_id": {
 "type": "string",
 "nullable": true,
+ "pattern": "^[a-zA-Z0-9_-]+$",
 "description": "Stripe price ID for billing purposes."
 },
 "status": {
@@ -7447,6 +7449,7 @@
 },
 "sn": {
 "type": "string",
+ "pattern": "^[a-zA-Z0-9_-]+$",
 "description": "Serial number of the device. This field is required when creating a device."
 }
 }
@@ -7469,7 +7472,8 @@
 },
 "sn": {
 "type": "string",
- "nullable": true
+ "nullable": true,
+ "pattern": "^[a-zA-Z0-9_-]+$"
 },
 "display_name": {
 "type": "string",
@@ -7479,7 +7483,8 @@
 },
 "price_id": {
 "type": "string",
- "nullable": true
+ "nullable": true,
+ "pattern": "^[a-zA-Z0-9_-]+$"
 },
 "status": {
 "$ref": "#/components/schemas/DeviceStatus"
@@ -7500,6 +7505,7 @@
 "properties": {
 "sn": {
 "type": "string",
+ "pattern": "^[a-zA-Z0-9_-]+$",
 "description": "Device serial number",
 "example": "SFVA78RABZ12345678"
 },
diff --git a/openapi.yaml b/openapi.yaml
index 44affef..4275c05 100644
--- a/openapi.yaml
+++ b/openapi.yaml
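Review bot: The added `pattern` restricts the character set of `sn` and `price_id` but not their length, since `+` accepts a string of any size. This applies to the first openapi.json hunk (`@@ -7308,6 +7308,7 @@`), the five hunks after it, and the six matching hunks in openapi.yaml. The property objects that are fully visible carry no length keyword, so I would pair each pattern with a bound such as `"maxLength": <MAX_LEN>` (placeholder; derive it from the real serial-number and Stripe price ID formats). A bounded length also keeps oversized values out of logs, indexes and downstream billing calls.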
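Review bot: In the last openapi.json hunk (`@@ -7500,6 +7505,7 @@`) the pattern is added to an `sn` that carries an `example`, which the commit message names as DeviceInfo; if that schema describes response bodies, the constraint now applies to stored data as well as to input. The linked issues suggest non-ASCII serial numbers were accepted before this change, so existing records may no longer match, and strict response validation or generated clients could reject them. I would confirm that such records are migrated first, or keep the pattern on the request schemas only. The schema's name and its use are outside the hunk, so this is inferred from the commit message.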
@@ -5776,6 +5776,7 @@ components: sn: type: string nullable: true + pattern: ^[a-zA-Z0-9_-]+$ description: Serial number of the device. display_name: type: string @@ -5786,6 +5787,7 @@ components: price_id: type: string nullable: true + pattern: ^[a-zA-Z0-9_-]+$ description: Stripe price ID for billing purposes. status: $ref: '#/components/schemas/DeviceStatus' @@ -5940,6 +5942,7 @@ components: ' sn: type: string + pattern: ^[a-zA-Z0-9_-]+$ description: Serial number of the device. This field is required when creating a device. DeviceUpdate: @@ -5962,6 +5965,7 @@ components: sn: type: string nullable: true + pattern: ^[a-zA-Z0-9_-]+$ display_name: type: string nullable: true @@ -5970,6 +5974,7 @@ components: price_id: type: string nullable: true + pattern: ^[a-zA-Z0-9_-]+$ status: $ref: '#/components/schemas/DeviceStatus' metadata: @@ -5982,6 +5987,7 @@ components: properties: sn: type: string + pattern: ^[a-zA-Z0-9_-]+$ description: Device serial number example: SFVA78RABZ12345678 model_name:
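Review bot: The regex is written as an unquoted plain scalar, `pattern: ^[a-zA-Z0-9_-]+$`, in the first openapi.yaml hunk (`@@ -5776,6 +5776,7 @@`) and in the five that follow. It parses as a string today, but unquoted regexes are fragile: a later edit that introduces ` #` or `: ` would silently change the value that validators see. Single quotes keep it literal, `pattern: '^[a-zA-Z0-9_-]+$'`, and match the quoting the file already uses for `'#/components/schemas/DeviceStatus'`.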
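Review bot: In the `@@ -5940,6 +5942,7 @@` hunk the description marks `sn` as required on create, but the pattern only rejects input if the server validates request bodies against this spec, which this diff does not show; the commit message's "prevents" holds only in that case. The `$` anchor also deserves a check: OpenAPI patterns follow ECMA-262, yet validators built on regex engines where `$` also matches before a final line break would accept a value ending in a newline. I would add a server-side test asserting that a non-ASCII serial number and one with a trailing newline are both rejected, and state the intent in the field text, e.g. `description: Serial number of the device (ASCII letters, digits, "_" and "-" only; whole value must match).` The same applies to the `sn` and `price_id` patterns in the other hunks of both files.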