dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

feat(validation): centralize validation patterns for names and descriptions

Browse Source 
- Introduced `ValidationPatterns` class to standardize validation rules and messages for name and description fields across the application.
- Updated various components and models to utilize the new validation patterns, ensuring consistent sanitization and validation logic.
- Replaced the `HasSafeNameAttribute` trait with `HasSafeStringAttribute` to enhance attribute handling and maintain consistency in name sanitization.
- Enhanced the `CleanupNames` command to align with the new validation rules, allowing for a broader range of valid characters in names.
This commit is contained in:
Andras Bacsai
2025-08-19 12:14:48 +02:00
parent 0bb9ee4327
commit 38c0641734
30 changed files with 238 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/Console/Commands/CleanupNames.php
View File

@@ -20,6 +20,7 @@ use App\Models\StandalonePostgresql;
use App\Models\StandaloneRedis; use App\Models\StandaloneRedis;
use App\Models\Tag; use App\Models\Tag;
use App\Models\Team; use App\Models\Team;
use App\Support\ValidationPatterns;
use Illuminate\Console\Command; use Illuminate\Console\Command;
use Illuminate\Support\Facades\Log; use Illuminate\Support\Facades\Log;
@@ -31,7 +32,7 @@ class CleanupNames extends Command
{--backup : Create database backup before changes} {--backup : Create database backup before changes}
{--force : Skip confirmation prompt}'; {--force : Skip confirmation prompt}';
protected $description = 'Sanitize name fields by removing invalid characters (keeping only letters, numbers, spaces, dashes, underscores, dots)'; protected $description = 'Sanitize name fields by removing invalid characters (keeping only letters, numbers, spaces, dashes, underscores, dots, slashes, colons, parentheses)';
protected array $modelsToClean = [ protected array $modelsToClean = [
'Project' => Project::class, 'Project' => Project::class,
@@ -148,7 +149,9 @@ class CleanupNames extends Command
protected function sanitizeName(string $name): string protected function sanitizeName(string $name): string
{ {
// Remove all characters that don't match the allowed pattern // Remove all characters that don't match the allowed pattern
$sanitized = preg_replace('/[^a-zA-Z0-9\s\-_.]+/', '', $name); // Use the shared ValidationPatterns to ensure consistency
$allowedPattern = str_replace(['/', '^', '$'], '', ValidationPatterns::NAME_PATTERN);
$sanitized = preg_replace('/[^'.$allowedPattern.']+/', '', $name);
// Clean up excessive whitespace but preserve other allowed characters // Clean up excessive whitespace but preserve other allowed characters
$sanitized = preg_replace('/\s+/', ' ', $sanitized); $sanitized = preg_replace('/\s+/', ' ', $sanitized);

31
app/Http/Controllers/Api/ProjectController.php
View File

@@ -4,6 +4,7 @@ namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller; use App\Http\Controllers\Controller;
use App\Models\Project; use App\Models\Project;
use App\Support\ValidationPatterns;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Facades\Validator; use Illuminate\Support\Facades\Validator;
use OpenApi\Attributes as OA; use OpenApi\Attributes as OA;
@@ -229,14 +230,9 @@ class ProjectController extends Controller
return $return; return $return;
} }
$validator = Validator::make($request->all(), [ $validator = Validator::make($request->all(), [
'name' => ['required', 'string', 'max:255', 'regex:/^[a-zA-Z0-9\s\-_.]+$/'], 'name' => ValidationPatterns::nameRules(),
'description' => 'string|nullable', 'description' => ValidationPatterns::descriptionRules(),
], [ ], ValidationPatterns::combinedMessages());
'name.regex' => 'The project name may only contain letters, numbers, spaces, dashes, underscores, and dots.',
'name.required' => 'The project name is required.',
'name.min' => 'The project name must be at least 3 characters.',
'name.max' => 'The project name may not be greater than 255 characters.',
]);
$extraFields = array_diff(array_keys($request->all()), $allowedFields); $extraFields = array_diff(array_keys($request->all()), $allowedFields);
if ($validator->fails() || ! empty($extraFields)) { if ($validator->fails() || ! empty($extraFields)) {
@@ -344,13 +340,9 @@ class ProjectController extends Controller
return $return; return $return;
} }
$validator = Validator::make($request->all(), [ $validator = Validator::make($request->all(), [
'name' => ['nullable', 'string', 'max:255', 'regex:/^[a-zA-Z0-9\s\-_.]+$/'], 'name' => ValidationPatterns::nameRules(required: false),
'description' => 'string|nullable', 'description' => ValidationPatterns::descriptionRules(),
], [ ], ValidationPatterns::combinedMessages());
'name.regex' => 'The project name may only contain letters, numbers, spaces, dashes, underscores, and dots.',
'name.min' => 'The project name must be at least 3 characters.',
'name.max' => 'The project name may not be greater than 255 characters.',
]);
$extraFields = array_diff(array_keys($request->all()), $allowedFields); $extraFields = array_diff(array_keys($request->all()), $allowedFields);
if ($validator->fails() || ! empty($extraFields)) { if ($validator->fails() || ! empty($extraFields)) {
@@ -590,13 +582,8 @@ class ProjectController extends Controller
return $return; return $return;
} }
$validator = Validator::make($request->all(), [ $validator = Validator::make($request->all(), [
'name' => ['required', 'string', 'max:255', 'regex:/^[a-zA-Z0-9\s\-_.]+$/'], 'name' => ValidationPatterns::nameRules(),
], [ ], ValidationPatterns::nameMessages());
'name.regex' => 'The environment name may only contain letters, numbers, spaces, dashes, underscores, and dots.',
'name.required' => 'The environment name is required.',
'name.min' => 'The environment name must be at least 3 characters.',
'name.max' => 'The environment name may not be greater than 255 characters.',
]);
$extraFields = array_diff(array_keys($request->all()), $allowedFields); $extraFields = array_diff(array_keys($request->all()), $allowedFields);
if ($validator->fails() || ! empty($extraFields)) { if ($validator->fails() || ! empty($extraFields)) {

21
app/Livewire/Project/AddEmpty.php
View File

@@ -3,23 +3,28 @@
namespace App\Livewire\Project; namespace App\Livewire\Project;
use App\Models\Project; use App\Models\Project;
use Livewire\Attributes\Validate; use App\Support\ValidationPatterns;
use Livewire\Component; use Livewire\Component;
use Visus\Cuid2\Cuid2; use Visus\Cuid2\Cuid2;
class AddEmpty extends Component class AddEmpty extends Component
{ {
#[Validate(['required', 'string', 'min:3', 'max:255', 'regex:/^[a-zA-Z0-9\s\-_.]+$/'])]
public string $name; public string $name;
#[Validate(['nullable', 'string'])]
public string $description = ''; public string $description = '';
protected $messages = [ protected function rules(): array
'name.regex' => 'The name may only contain letters, numbers, spaces, dashes, underscores, and dots.', {
'name.min' => 'The name must be at least 3 characters.', return [
'name.max' => 'The name may not be greater than 255 characters.', 'name' => ValidationPatterns::nameRules(),
]; 'description' => ValidationPatterns::descriptionRules(),
];
}
protected function messages(): array
{
return ValidationPatterns::combinedMessages();
}
public function submit() public function submit()
{ {

19
app/Livewire/Project/CloneMe.php
View File

@@ -11,6 +11,7 @@ use App\Jobs\VolumeCloneJob;
use App\Models\Environment; use App\Models\Environment;
use App\Models\Project; use App\Models\Project;
use App\Models\Server; use App\Models\Server;
use App\Support\ValidationPatterns;
use Livewire\Component; use Livewire\Component;
use Visus\Cuid2\Cuid2; use Visus\Cuid2\Cuid2;
@@ -42,14 +43,14 @@ class CloneMe extends Component
public bool $cloneVolumeData = false; public bool $cloneVolumeData = false;
protected $messages = [ protected function messages(): array
'selectedServer' => 'Please select a server.', {
'selectedDestination' => 'Please select a server & destination.', return array_merge([
'newName.required' => 'Please enter a name for the new project or environment.', 'selectedServer' => 'Please select a server.',
'newName.regex' => 'The name may only contain letters, numbers, spaces, dashes, underscores, and dots.', 'selectedDestination' => 'Please select a server & destination.',
'newName.min' => 'The name must be at least 3 characters.', 'newName.required' => 'Please enter a name for the new project or environment.',
'newName.max' => 'The name may not be greater than 255 characters.', ], ValidationPatterns::nameMessages());
]; }
public function mount($project_uuid) public function mount($project_uuid)
{ {
@@ -93,7 +94,7 @@ class CloneMe extends Component
try { try {
$this->validate([ $this->validate([
'selectedDestination' => 'required', 'selectedDestination' => 'required',
'newName' => ['required', 'string', 'min:3', 'max:255', 'regex:/^[a-zA-Z0-9\s\-_.]+$/'], 'newName' => ValidationPatterns::nameRules(),
]); ]);
if ($type === 'project') { if ($type === 'project') {
$foundProject = Project::where('name', $this->newName)->first(); $foundProject = Project::where('name', $this->newName)->first();

21
app/Livewire/Project/Edit.php
View File

@@ -3,24 +3,29 @@
namespace App\Livewire\Project; namespace App\Livewire\Project;
use App\Models\Project; use App\Models\Project;
use Livewire\Attributes\Validate; use App\Support\ValidationPatterns;
use Livewire\Component; use Livewire\Component;
class Edit extends Component class Edit extends Component
{ {
public Project $project; public Project $project;
#[Validate(['required', 'string', 'min:3', 'max:255', 'regex:/^[a-zA-Z0-9\s\-_.]+$/'])]
public string $name; public string $name;
#[Validate(['nullable', 'string', 'max:255'])]
public ?string $description = null; public ?string $description = null;
protected $messages = [ protected function rules(): array
'name.regex' => 'The name may only contain letters, numbers, spaces, dashes, underscores, and dots.', {
'name.min' => 'The name must be at least 3 characters.', return [
'name.max' => 'The name may not be greater than 255 characters.', 'name' => ValidationPatterns::nameRules(),
]; 'description' => ValidationPatterns::descriptionRules(),
];
}
protected function messages(): array
{
return ValidationPatterns::combinedMessages();
}
public function mount(string $project_uuid) public function mount(string $project_uuid)
{ {

21
app/Livewire/Project/EnvironmentEdit.php
View File

@@ -4,8 +4,8 @@ namespace App\Livewire\Project;
use App\Models\Application; use App\Models\Application;
use App\Models\Project; use App\Models\Project;
use App\Support\ValidationPatterns;
use Livewire\Attributes\Locked; use Livewire\Attributes\Locked;
use Livewire\Attributes\Validate;
use Livewire\Component; use Livewire\Component;
class EnvironmentEdit extends Component class EnvironmentEdit extends Component
@@ -17,17 +17,22 @@ class EnvironmentEdit extends Component
#[Locked] #[Locked]
public $environment; public $environment;
#[Validate(['required', 'string', 'min:3', 'max:255', 'regex:/^[a-zA-Z0-9\s\-_.]+$/'])]
public string $name; public string $name;
#[Validate(['nullable', 'string', 'max:255'])]
public ?string $description = null; public ?string $description = null;
protected $messages = [ protected function rules(): array
'name.regex' => 'The environment name may only contain letters, numbers, spaces, dashes, underscores, and dots.', {
'name.min' => 'The environment name must be at least 3 characters.', return [
'name.max' => 'The environment name may not be greater than 255 characters.', 'name' => ValidationPatterns::nameRules(),
]; 'description' => ValidationPatterns::descriptionRules(),
];
}
protected function messages(): array
{
return ValidationPatterns::combinedMessages();
}
public function mount(string $project_uuid, string $environment_uuid) public function mount(string $project_uuid, string $environment_uuid)
{ {

21
app/Livewire/Project/Show.php
View File

@@ -4,7 +4,7 @@ namespace App\Livewire\Project;
use App\Models\Environment; use App\Models\Environment;
use App\Models\Project; use App\Models\Project;
use Livewire\Attributes\Validate; use App\Support\ValidationPatterns;
use Livewire\Component; use Livewire\Component;
use Visus\Cuid2\Cuid2; use Visus\Cuid2\Cuid2;
@@ -12,17 +12,22 @@ class Show extends Component
{ {
public Project $project; public Project $project;
#[Validate(['required', 'string', 'min:3', 'max:255', 'regex:/^[a-zA-Z0-9\s\-_.]+$/'])]
public string $name; public string $name;
#[Validate(['nullable', 'string'])]
public ?string $description = null; public ?string $description = null;
protected $messages = [ protected function rules(): array
'name.regex' => 'The environment name may only contain letters, numbers, spaces, dashes, underscores, and dots.', {
'name.min' => 'The environment name must be at least 3 characters.', return [
'name.max' => 'The environment name may not be greater than 255 characters.', 'name' => ValidationPatterns::nameRules(),
]; 'description' => ValidationPatterns::descriptionRules(),
];
}
protected function messages(): array
{
return ValidationPatterns::combinedMessages();
}
public function mount(string $project_uuid) public function mount(string $project_uuid)
{ {

4
app/Models/Application.php
View File

@@ -5,7 +5,7 @@ namespace App\Models;
use App\Enums\ApplicationDeploymentStatus; use App\Enums\ApplicationDeploymentStatus;
use App\Services\ConfigurationGenerator; use App\Services\ConfigurationGenerator;
use App\Traits\HasConfiguration; use App\Traits\HasConfiguration;
use App\Traits\HasSafeNameAttribute; use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute; use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory; use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Relations\HasMany; use Illuminate\Database\Eloquent\Relations\HasMany;
@@ -110,7 +110,7 @@ use Visus\Cuid2\Cuid2;
class Application extends BaseModel class Application extends BaseModel
{ {
use HasConfiguration, HasFactory, HasSafeNameAttribute, SoftDeletes; use HasConfiguration, HasFactory, HasSafeStringAttribute, SoftDeletes;
private static $parserVersion = '5'; private static $parserVersion = '5';

11
app/Models/Environment.php
View File

@@ -2,8 +2,7 @@
namespace App\Models; namespace App\Models;
use App\Traits\HasSafeNameAttribute; use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute;
use OpenApi\Attributes as OA; use OpenApi\Attributes as OA;
#[OA\Schema( #[OA\Schema(
@@ -20,7 +19,7 @@ use OpenApi\Attributes as OA;
)] )]
class Environment extends BaseModel class Environment extends BaseModel
{ {
use HasSafeNameAttribute; use HasSafeStringAttribute;
protected $guarded = []; protected $guarded = [];
@@ -122,10 +121,8 @@ class Environment extends BaseModel
return $this->hasMany(Service::class); return $this->hasMany(Service::class);
} }
protected function name(): Attribute protected function customizeName($value)
{ {
return Attribute::make( return str($value)->lower()->trim()->replace('/', '-')->toString();
set: fn (string $value) => str($value)->lower()->trim()->replace('/', '-')->toString(),
);
} }
} }

6
app/Models/LocalPersistentVolume.php
View File

@@ -24,11 +24,9 @@ class LocalPersistentVolume extends Model
return $this->morphTo('resource'); return $this->morphTo('resource');
} }
protected function name(): Attribute protected function customizeName($value)
{ {
return Attribute::make( return str($value)->trim()->value;
set: fn (string $value) => str($value)->trim()->value,
);
} }
protected function mountPath(): Attribute protected function mountPath(): Attribute

4
app/Models/PrivateKey.php
View File

@@ -2,7 +2,7 @@
namespace App\Models; namespace App\Models;
use App\Traits\HasSafeNameAttribute; use App\Traits\HasSafeStringAttribute;
use DanHarrin\LivewireRateLimiting\WithRateLimiting; use DanHarrin\LivewireRateLimiting\WithRateLimiting;
use Illuminate\Support\Facades\Storage; use Illuminate\Support\Facades\Storage;
use Illuminate\Validation\ValidationException; use Illuminate\Validation\ValidationException;
@@ -28,7 +28,7 @@ use phpseclib3\Crypt\PublicKeyLoader;
)] )]
class PrivateKey extends BaseModel class PrivateKey extends BaseModel
{ {
use HasSafeNameAttribute, WithRateLimiting; use HasSafeStringAttribute, WithRateLimiting;
protected $fillable = [ protected $fillable = [
'name', 'name',

4
app/Models/Project.php
View File

@@ -2,7 +2,7 @@
namespace App\Models; namespace App\Models;
use App\Traits\HasSafeNameAttribute; use App\Traits\HasSafeStringAttribute;
use OpenApi\Attributes as OA; use OpenApi\Attributes as OA;
use Visus\Cuid2\Cuid2; use Visus\Cuid2\Cuid2;
@@ -24,7 +24,7 @@ use Visus\Cuid2\Cuid2;
)] )]
class Project extends BaseModel class Project extends BaseModel
{ {
use HasSafeNameAttribute; use HasSafeStringAttribute;
protected $guarded = []; protected $guarded = [];

4
app/Models/S3Storage.php
View File

@@ -2,14 +2,14 @@
namespace App\Models; namespace App\Models;
use App\Traits\HasSafeNameAttribute; use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Factories\HasFactory; use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Notifications\Messages\MailMessage; use Illuminate\Notifications\Messages\MailMessage;
use Illuminate\Support\Facades\Storage; use Illuminate\Support\Facades\Storage;
class S3Storage extends BaseModel class S3Storage extends BaseModel
{ {
use HasFactory, HasSafeNameAttribute; use HasFactory, HasSafeStringAttribute;
protected $guarded = []; protected $guarded = [];

4
app/Models/ScheduledTask.php
View File

@@ -2,13 +2,13 @@
namespace App\Models; namespace App\Models;
use App\Traits\HasSafeNameAttribute; use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Relations\HasMany; use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Database\Eloquent\Relations\HasOne; use Illuminate\Database\Eloquent\Relations\HasOne;
class ScheduledTask extends BaseModel class ScheduledTask extends BaseModel
{ {
use HasSafeNameAttribute; use HasSafeStringAttribute;
protected $guarded = []; protected $guarded = [];

4
app/Models/Server.php
View File

@@ -13,7 +13,7 @@ use App\Jobs\RegenerateSslCertJob;
use App\Notifications\Server\Reachable; use App\Notifications\Server\Reachable;
use App\Notifications\Server\Unreachable; use App\Notifications\Server\Unreachable;
use App\Services\ConfigurationRepository; use App\Services\ConfigurationRepository;
use App\Traits\HasSafeNameAttribute; use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Builder; use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Casts\Attribute; use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory; use Illuminate\Database\Eloquent\Factories\HasFactory;
@@ -165,7 +165,7 @@ class Server extends BaseModel
protected $guarded = []; protected $guarded = [];
use HasSafeNameAttribute; use HasSafeStringAttribute;
public function type() public function type()
{ {

4
app/Models/Service.php
View File

@@ -3,7 +3,7 @@
namespace App\Models; namespace App\Models;
use App\Enums\ProcessStatus; use App\Enums\ProcessStatus;
use App\Traits\HasSafeNameAttribute; use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute; use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory; use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Relations\HasMany; use Illuminate\Database\Eloquent\Relations\HasMany;
@@ -41,7 +41,7 @@ use Visus\Cuid2\Cuid2;
)] )]
class Service extends BaseModel class Service extends BaseModel
{ {
use HasFactory, HasSafeNameAttribute, SoftDeletes; use HasFactory, HasSafeStringAttribute, SoftDeletes;
private static $parserVersion = '5'; private static $parserVersion = '5';

4
app/Models/StandaloneClickhouse.php
View File

@@ -2,14 +2,14 @@
namespace App\Models; namespace App\Models;
use App\Traits\HasSafeNameAttribute; use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute; use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory; use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\SoftDeletes; use Illuminate\Database\Eloquent\SoftDeletes;
class StandaloneClickhouse extends BaseModel class StandaloneClickhouse extends BaseModel
{ {
use HasFactory, HasSafeNameAttribute, SoftDeletes; use HasFactory, HasSafeStringAttribute, SoftDeletes;
protected $guarded = []; protected $guarded = [];

4
app/Models/StandaloneDocker.php
View File

@@ -2,11 +2,11 @@
namespace App\Models; namespace App\Models;
use App\Traits\HasSafeNameAttribute; use App\Traits\HasSafeStringAttribute;
class StandaloneDocker extends BaseModel class StandaloneDocker extends BaseModel
{ {
use HasSafeNameAttribute; use HasSafeStringAttribute;
protected $guarded = []; protected $guarded = [];

4
app/Models/StandaloneDragonfly.php
View File

@@ -2,14 +2,14 @@
namespace App\Models; namespace App\Models;
use App\Traits\HasSafeNameAttribute; use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute; use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory; use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\SoftDeletes; use Illuminate\Database\Eloquent\SoftDeletes;
class StandaloneDragonfly extends BaseModel class StandaloneDragonfly extends BaseModel
{ {
use HasFactory, HasSafeNameAttribute, SoftDeletes; use HasFactory, HasSafeStringAttribute, SoftDeletes;
protected $guarded = []; protected $guarded = [];

4
app/Models/StandaloneKeydb.php
View File

@@ -2,14 +2,14 @@
namespace App\Models; namespace App\Models;
use App\Traits\HasSafeNameAttribute; use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute; use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory; use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\SoftDeletes; use Illuminate\Database\Eloquent\SoftDeletes;
class StandaloneKeydb extends BaseModel class StandaloneKeydb extends BaseModel
{ {
use HasFactory, HasSafeNameAttribute, SoftDeletes; use HasFactory, HasSafeStringAttribute, SoftDeletes;
protected $guarded = []; protected $guarded = [];

4
app/Models/StandaloneMariadb.php
View File

@@ -2,7 +2,7 @@
namespace App\Models; namespace App\Models;
use App\Traits\HasSafeNameAttribute; use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute; use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory; use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Relations\MorphTo; use Illuminate\Database\Eloquent\Relations\MorphTo;
@@ -10,7 +10,7 @@ use Illuminate\Database\Eloquent\SoftDeletes;
class StandaloneMariadb extends BaseModel class StandaloneMariadb extends BaseModel
{ {
use HasFactory, HasSafeNameAttribute, SoftDeletes; use HasFactory, HasSafeStringAttribute, SoftDeletes;
protected $guarded = []; protected $guarded = [];

4
app/Models/StandaloneMongodb.php
View File

@@ -2,14 +2,14 @@
namespace App\Models; namespace App\Models;
use App\Traits\HasSafeNameAttribute; use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute; use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory; use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\SoftDeletes; use Illuminate\Database\Eloquent\SoftDeletes;
class StandaloneMongodb extends BaseModel class StandaloneMongodb extends BaseModel
{ {
use HasFactory, HasSafeNameAttribute, SoftDeletes; use HasFactory, HasSafeStringAttribute, SoftDeletes;
protected $guarded = []; protected $guarded = [];

4
app/Models/StandaloneMysql.php
View File

@@ -2,14 +2,14 @@
namespace App\Models; namespace App\Models;
use App\Traits\HasSafeNameAttribute; use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute; use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory; use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\SoftDeletes; use Illuminate\Database\Eloquent\SoftDeletes;
class StandaloneMysql extends BaseModel class StandaloneMysql extends BaseModel
{ {
use HasFactory, HasSafeNameAttribute, SoftDeletes; use HasFactory, HasSafeStringAttribute, SoftDeletes;
protected $guarded = []; protected $guarded = [];

4
app/Models/StandalonePostgresql.php
View File

@@ -2,14 +2,14 @@
namespace App\Models; namespace App\Models;
use App\Traits\HasSafeNameAttribute; use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute; use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory; use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\SoftDeletes; use Illuminate\Database\Eloquent\SoftDeletes;
class StandalonePostgresql extends BaseModel class StandalonePostgresql extends BaseModel
{ {
use HasFactory, HasSafeNameAttribute, SoftDeletes; use HasFactory, HasSafeStringAttribute, SoftDeletes;
protected $guarded = []; protected $guarded = [];

4
app/Models/StandaloneRedis.php
View File

@@ -2,14 +2,14 @@
namespace App\Models; namespace App\Models;
use App\Traits\HasSafeNameAttribute; use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute; use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory; use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\SoftDeletes; use Illuminate\Database\Eloquent\SoftDeletes;
class StandaloneRedis extends BaseModel class StandaloneRedis extends BaseModel
{ {
use HasFactory, HasSafeNameAttribute, SoftDeletes; use HasFactory, HasSafeStringAttribute, SoftDeletes;
protected $guarded = []; protected $guarded = [];

12
app/Models/Tag.php
View File

@@ -2,21 +2,17 @@
namespace App\Models; namespace App\Models;
use App\Traits\HasSafeNameAttribute; use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute;
class Tag extends BaseModel class Tag extends BaseModel
{ {
use HasSafeNameAttribute; use HasSafeStringAttribute;
protected $guarded = []; protected $guarded = [];
public function name(): Attribute protected function customizeName($value)
{ {
return Attribute::make( return strtolower($value);
get: fn ($value) => strtolower($value),
set: fn ($value) => strtolower($value)
);
} }
public static function ownedByCurrentTeam() public static function ownedByCurrentTeam()

4
app/Models/Team.php
View File

@@ -8,7 +8,7 @@ use App\Notifications\Channels\SendsEmail;
use App\Notifications\Channels\SendsPushover; use App\Notifications\Channels\SendsPushover;
use App\Notifications\Channels\SendsSlack; use App\Notifications\Channels\SendsSlack;
use App\Traits\HasNotificationSettings; use App\Traits\HasNotificationSettings;
use App\Traits\HasSafeNameAttribute; use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute; use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Model; use Illuminate\Database\Eloquent\Model;
use Illuminate\Notifications\Notifiable; use Illuminate\Notifications\Notifiable;
@@ -37,7 +37,7 @@ use OpenApi\Attributes as OA;
class Team extends Model implements SendsDiscord, SendsEmail, SendsPushover, SendsSlack class Team extends Model implements SendsDiscord, SendsEmail, SendsPushover, SendsSlack
{ {
use HasNotificationSettings, HasSafeNameAttribute, Notifiable; use HasNotificationSettings, HasSafeStringAttribute, Notifiable;
protected $guarded = []; protected $guarded = [];

93
app/Support/ValidationPatterns.php Normal file
View File

@@ -0,0 +1,93 @@
<?php
namespace App\Support;
/**
* Shared validation patterns for consistent use across the application
*/
class ValidationPatterns
{
/**
* Pattern for names (allows letters, numbers, spaces, dashes, underscores, dots, slashes, colons, parentheses)
* Matches CleanupNames::sanitizeName() allowed characters
*/
public const NAME_PATTERN = '/^[a-zA-Z0-9\s\-_.:\/()]+$/';
/**
* Pattern for descriptions (allows more characters including quotes, commas, etc.)
* More permissive than names but still restricts dangerous characters
*/
public const DESCRIPTION_PATTERN = '/^[a-zA-Z0-9\s\-_.:\/()\'\",.!?@#%&+=\[\]{}|~`*]+$/';
/**
* Get validation rules for name fields
*/
public static function nameRules(bool $required = true, int $minLength = 3, int $maxLength = 255): array
{
$rules = [];
if ($required) {
$rules[] = 'required';
} else {
$rules[] = 'nullable';
}
$rules[] = 'string';
$rules[] = "min:$minLength";
$rules[] = "max:$maxLength";
$rules[] = 'regex:'.self::NAME_PATTERN;
return $rules;
}
/**
* Get validation rules for description fields
*/
public static function descriptionRules(bool $required = false, int $maxLength = 255): array
{
$rules = [];
if ($required) {
$rules[] = 'required';
} else {
$rules[] = 'nullable';
}
$rules[] = 'string';
$rules[] = "max:$maxLength";
$rules[] = 'regex:'.self::DESCRIPTION_PATTERN;
return $rules;
}
/**
* Get validation messages for name fields
*/
public static function nameMessages(): array
{
return [
'name.regex' => 'The name may only contain letters, numbers, spaces, dashes (-), underscores (_), dots (.), slashes (/), colons (:), and parentheses ().',
'name.min' => 'The name must be at least :min characters.',
'name.max' => 'The name may not be greater than :max characters.',
];
}
/**
* Get validation messages for description fields
*/
public static function descriptionMessages(): array
{
return [
'description.regex' => 'The description contains invalid characters. Only letters, numbers, spaces, and common punctuation (- _ . : / () \' " , ! ? @ # % & + = [] {} | ~ ` *) are allowed.',
'description.max' => 'The description may not be greater than :max characters.',
];
}
/**
* Get combined validation messages for both name and description fields
*/
public static function combinedMessages(): array
{
return array_merge(self::nameMessages(), self::descriptionMessages());
}
}

14
app/Traits/HasSafeNameAttribute.php
View File

@@ -1,14 +0,0 @@
<?php
namespace App\Traits;
trait HasSafeNameAttribute
{
/**
* Set the name attribute - strip any HTML tags for safety
*/
public function setNameAttribute($value)
{
$this->attributes['name'] = strip_tags($value);
}
}

25
app/Traits/HasSafeStringAttribute.php Normal file
View File

@@ -0,0 +1,25 @@
<?php
namespace App\Traits;
trait HasSafeStringAttribute
{
/**
* Set the name attribute - strip any HTML tags for safety
*/
public function setNameAttribute($value)
{
$sanitized = strip_tags($value);
$this->attributes['name'] = $this->customizeName($sanitized);
}
protected function customizeName($value)
{
return $value; // Default: no customization
}
public function setDescriptionAttribute($value)
{
$this->attributes['description'] = strip_tags($value);
}
}