From 9ab0503110420f2a14ecf5a107fea521e2d00f03 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B9=BE=E7=94=B0=E7=B4=94=E5=B9=B3?=
Date: Wed, 25 Feb 2026 01:04:16 +0900
Subject: [PATCH] fix: add input validation to reject invalid price_id formats

Add regex pattern validation (^price_[a-zA-Z0-9_]+$) to the price_id field in DeviceProperties and DeviceUpdate schemas. This ensures price_id values conform to the Stripe pricing ID format, rejecting non-ASCII characters like Chinese.

Closes stayforge/Stayforge-API#4
Co-Authored-By: Claude Opus 4.6
---
 openapi.json | 8 +++++---
 openapi.yaml | 2 ++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/openapi.json b/openapi.json
index 0eaa63b..1ef49d7 100644
--- a/openapi.json
+++ b/openapi.json
@@ -7320,7 +7320,8 @@
 "price_id": {
 "type": "string",
 "nullable": true,
- "description": "Stripe price ID for billing purposes."
+ "description": "Stripe price ID for billing purposes.",
+ "pattern": "^price_[a-zA-Z0-9_]+$"
 },
 "status": {
 "$ref": "#/components/schemas/DeviceStatus"
@@ -7479,7 +7480,8 @@
 },
 "price_id": {
 "type": "string",
- "nullable": true
+ "nullable": true,
+ "pattern": "^price_[a-zA-Z0-9_]+$"
 },
 "status": {
 "$ref": "#/components/schemas/DeviceStatus"
@@ -8255,4 +8257,4 @@
 }
 }
 }
-}
\ No newline at end of file
+}
diff --git a/openapi.yaml b/openapi.yaml
index 44affef..641acbf 100644
--- a/openapi.yaml
+++ b/openapi.yaml
@@ -5787,6 +5787,7 @@ components:
 type: string
 nullable: true
 description: Stripe price ID for billing purposes.
+ pattern: ^price_[a-zA-Z0-9_]+$
 status:
 $ref: '#/components/schemas/DeviceStatus'
 metadata:
@@ -5970,6 +5971,7 @@ components:
 price_id:
 type: string
 nullable: true
+ pattern: ^price_[a-zA-Z0-9_]+$
 status:
 $ref: '#/components/schemas/DeviceStatus'
 metadata:
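Review bot: The `pattern` added to `price_id` in the first openapi.json hunk (@@ -7320) has no length bound and is only a schema-level constraint. The diffstat shows just openapi.json and openapi.yaml changing, so whether a malformed `price_id` is actually rejected depends on the server validating requests against this spec, which cannot be confirmed from the patch. I would add `"maxLength": 255` beside the pattern (Stripe documents its object IDs as at most 255 characters) and confirm that the validating regex engine treats `$` as strict end-of-input, because some engines let `$` match before a trailing newline. The same applies to the second openapi.json hunk (@@ -7479) and to both openapi.yaml hunks.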
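Review bot: The `price_id` property in the second openapi.json hunk (@@ -7479) gains the pattern but still has no `description`, unlike the same property in the first hunk, so generated docs and validation errors for this schema will show only a bare regex. I would add `"description": "Stripe price ID for billing purposes."` here and `description: Stripe price ID for billing purposes.` in the matching openapi.yaml hunk (@@ -5970). Because the property stays `nullable`, the description should also say what sending `null` means for this schema; the hunk does not show the intended semantics. The enclosing schema object starts and ends outside the hunk.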
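Review bot: The regex in the first openapi.yaml hunk (@@ -5787) is written as a plain scalar, `pattern: ^price_[a-zA-Z0-9_]+$`, which parses today but leaves `[`, `]` and `$` to be interpreted by the YAML layer. Single-quoting it, `pattern: '^price_[a-zA-Z0-9_]+$'`, matches the quoting already used on the `$ref` line in this hunk and keeps the value a literal string if the pattern is later extended with `#`, `:` or `{}`. The same line in the second openapi.yaml hunk (@@ -5970) should be quoted the same way.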