Skip to content

Commit f428487

Browse files
tombiiclaude
andcommitted
fix: Allow spaces in account names and improve validation error messages [skip-version]
Fixes snipeship#50 - Updated account name validation pattern to allow spaces - Added patternErrorMessage option to validateString function - Added descriptive error message: "can only contain letters, numbers, spaces, hyphens, and underscores" - Quoted account names in CLI command suggestions to prevent shell injection - Applied fixes to all account creation handlers (OAuth, Zai, Minimax, NanoGPT, Anthropic-compatible, OpenAI-compatible, Vertex AI) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
1 parent 77e5af7 commit f428487

4 files changed

Lines changed: 27 additions & 5 deletions

File tree

packages/cli-commands/src/commands/token-health.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@ export function checkReauthNeeded(dbOps: DatabaseOperations): void {
3939

4040
console.log("\n🔧 Re-authentication commands:");
4141
needsReauth.forEach((account) => {
42-
console.log(` bun run cli --reauthenticate ${account.name}`);
42+
console.log(` bun run cli --reauthenticate "${account.name}"`);
4343
});
4444

4545
console.log("\n💡 Or run the health check for detailed information:");

packages/core/src/validation.ts

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,7 @@ export function validateString(
1414
minLength?: number;
1515
maxLength?: number;
1616
pattern?: RegExp;
17+
patternErrorMessage?: string;
1718
allowedValues?: readonly string[];
1819
transform?: (value: string) => string;
1920
} = {},
@@ -53,7 +54,10 @@ export function validateString(
5354

5455
// Validate pattern
5556
if (options.pattern && !options.pattern.test(sanitized)) {
56-
throw new ValidationError(`${field} has an invalid format`, field, value);
57+
const errorMessage = options.patternErrorMessage
58+
? `${field} ${options.patternErrorMessage}`
59+
: `${field} has an invalid format`;
60+
throw new ValidationError(errorMessage, field, value);
5761
}
5862

5963
// Validate allowed values
@@ -327,9 +331,9 @@ export const patterns = {
327331
uuid: /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i,
328332
alphanumeric: /^[a-zA-Z0-9]+$/,
329333
alphanumericWithSpaces: /^[a-zA-Z0-9\s]+$/,
330-
// Account name: alphanumeric with hyphens and underscores only (safe for shell commands)
331-
// Removed spaces, @, ., + to prevent command injection in CLI suggestions
332-
accountName: /^[a-zA-Z0-9\-_]+$/,
334+
// Account name: alphanumeric with spaces, hyphens, and underscores
335+
// Spaces are allowed for better UX - CLI command suggestions will quote names properly
336+
accountName: /^[a-zA-Z0-9\s\-_]+$/,
333337
// Path pattern for API endpoints
334338
apiPath: /^\/v1\/[a-zA-Z0-9\-_/]*$/,
335339
// URL pattern

packages/http-api/src/handlers/accounts.ts

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -370,6 +370,8 @@ export function createAccountAddHandler(
370370
minLength: 1,
371371
maxLength: 100,
372372
pattern: patterns.accountName,
373+
patternErrorMessage:
374+
"can only contain letters, numbers, spaces, hyphens, and underscores",
373375
transform: sanitizers.trim,
374376
});
375377

@@ -616,6 +618,8 @@ export function createAccountRenameHandler(dbOps: DatabaseOperations) {
616618
minLength: 1,
617619
maxLength: 100,
618620
pattern: patterns.accountName,
621+
patternErrorMessage:
622+
"can only contain letters, numbers, spaces, hyphens, and underscores",
619623
transform: sanitizers.trim,
620624
});
621625

@@ -679,6 +683,8 @@ export function createZaiAccountAddHandler(dbOps: DatabaseOperations) {
679683
minLength: 1,
680684
maxLength: 100,
681685
pattern: patterns.accountName,
686+
patternErrorMessage:
687+
"can only contain letters, numbers, spaces, hyphens, and underscores",
682688
transform: sanitizers.trim,
683689
});
684690

@@ -834,6 +840,8 @@ export function createOpenAIAccountAddHandler(dbOps: DatabaseOperations) {
834840
minLength: 1,
835841
maxLength: 100,
836842
pattern: patterns.accountName,
843+
patternErrorMessage:
844+
"can only contain letters, numbers, spaces, hyphens, and underscores",
837845
transform: sanitizers.trim,
838846
});
839847

@@ -998,6 +1006,8 @@ export function createVertexAIAccountAddHandler(dbOps: DatabaseOperations) {
9981006
minLength: 1,
9991007
maxLength: 100,
10001008
pattern: patterns.accountName,
1009+
patternErrorMessage:
1010+
"can only contain letters, numbers, spaces, hyphens, and underscores",
10011011
transform: sanitizers.trim,
10021012
});
10031013

@@ -1137,6 +1147,8 @@ export function createMinimaxAccountAddHandler(dbOps: DatabaseOperations) {
11371147
minLength: 1,
11381148
maxLength: 100,
11391149
pattern: patterns.accountName,
1150+
patternErrorMessage:
1151+
"can only contain letters, numbers, spaces, hyphens, and underscores",
11401152
transform: sanitizers.trim,
11411153
});
11421154

@@ -1269,6 +1281,8 @@ export function createNanoGPTAccountAddHandler(dbOps: DatabaseOperations) {
12691281
minLength: 1,
12701282
maxLength: 100,
12711283
pattern: patterns.accountName,
1284+
patternErrorMessage:
1285+
"can only contain letters, numbers, spaces, hyphens, and underscores",
12721286
transform: sanitizers.trim,
12731287
});
12741288
if (!name) {
@@ -1440,6 +1454,8 @@ export function createAnthropicCompatibleAccountAddHandler(
14401454
minLength: 1,
14411455
maxLength: 100,
14421456
pattern: patterns.accountName,
1457+
patternErrorMessage:
1458+
"can only contain letters, numbers, spaces, hyphens, and underscores",
14431459
transform: sanitizers.trim,
14441460
});
14451461

packages/http-api/src/handlers/oauth.ts

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,8 @@ export function createOAuthInitHandler(dbOps: DatabaseOperations) {
2626
minLength: 1,
2727
maxLength: 100,
2828
pattern: patterns.accountName,
29+
patternErrorMessage:
30+
"can only contain letters, numbers, spaces, hyphens, and underscores",
2931
});
3032

3133
if (!name) {

0 commit comments

Comments
 (0)