Move validators to a single package

Signed-off-by: Radoslav Dimitrov <[email protected]>

Author: rdimitrov

internal/api/handlers/v0/edit.go

@@ -15,7 +15,6 @@ import (
 	"github.com/modelcontextprotocol/registry/internal/validators"
 	apiv1 "github.com/modelcontextprotocol/registry/pkg/api/v1"
 	"github.com/modelcontextprotocol/registry/pkg/model"
-	"github.com/modelcontextprotocol/registry/pkg/validation"
 )
 
 // EditServerInput represents the input for editing a server
@@ -56,7 +55,7 @@ func RegisterEditEndpoints(api huma.API, registry service.RegistryService, cfg *
 		}
 
 		// Validate that only allowed extension fields are present
-		if err := validation.ValidatePublishRequestExtensions(input.RawBody); err != nil {
+		if err := validators.ValidatePublishRequestExtensions(input.RawBody); err != nil {
 			return nil, huma.Error400BadRequest("Invalid request format", err)
 		}
 

internal/api/handlers/v0/publish.go

@@ -12,7 +12,6 @@ import (
 	"github.com/modelcontextprotocol/registry/internal/service"
 	"github.com/modelcontextprotocol/registry/internal/validators"
 	apiv1 "github.com/modelcontextprotocol/registry/pkg/api/v1"
-	"github.com/modelcontextprotocol/registry/pkg/validation"
 )
 
 // PublishServerInput represents the input for publishing a server
@@ -52,7 +51,7 @@ func RegisterPublishEndpoint(api huma.API, registry service.RegistryService, cfg
 		}
 
 		// Validate that only allowed extension fields are present
-		if err := validation.ValidatePublishRequestExtensions(input.RawBody); err != nil {
+		if err := validators.ValidatePublishRequestExtensions(input.RawBody); err != nil {
 			return nil, huma.Error400BadRequest("Invalid request format", err)
 		}
 

internal/service/fake_service.go

@@ -6,9 +6,9 @@ import (
 
 	"github.com/google/uuid"
 	"github.com/modelcontextprotocol/registry/internal/database"
+	"github.com/modelcontextprotocol/registry/internal/validators"
 	apiv1 "github.com/modelcontextprotocol/registry/pkg/api/v1"
 	"github.com/modelcontextprotocol/registry/pkg/model"
-	"github.com/modelcontextprotocol/registry/pkg/validation"
 )
 
 // fakeRegistryService implements RegistryService interface with an in-memory database
@@ -114,17 +114,17 @@ func (s *fakeRegistryService) Publish(req apiv1.PublishRequest) (*apiv1.ServerRe
 	defer cancel()
 
 	// Validate the request
-	if err := validation.ValidatePublisherExtensions(req); err != nil {
+	if err := validators.ValidatePublisherExtensions(req); err != nil {
 		return nil, err
 	}
 
 	// Validate server name exists
-	if _, err := validation.ParseServerName(req.Server); err != nil {
+	if _, err := validators.ParseServerName(req.Server); err != nil {
 		return nil, err
 	}
 
 	// Extract publisher extensions from request
-	publisherExtensions := validation.ExtractPublisherExtensions(req)
+	publisherExtensions := validators.ExtractPublisherExtensions(req)
 
 	// Create registry metadata for fake service (always marks as latest)
 	now := time.Now()
@@ -152,17 +152,17 @@ func (s *fakeRegistryService) EditServer(id string, req apiv1.PublishRequest) (*
 	defer cancel()
 
 	// Validate the request
-	if err := validation.ValidatePublisherExtensions(req); err != nil {
+	if err := validators.ValidatePublisherExtensions(req); err != nil {
 		return nil, err
 	}
 
 	// Validate server name exists and format
-	if _, err := validation.ParseServerName(req.Server); err != nil {
+	if _, err := validators.ParseServerName(req.Server); err != nil {
 		return nil, err
 	}
 
 	// Extract publisher extensions from request
-	publisherExtensions := validation.ExtractPublisherExtensions(req)
+	publisherExtensions := validators.ExtractPublisherExtensions(req)
 
 	// Update server in database
 	serverRecord, err := s.db.UpdateServer(ctx, id, req.Server, publisherExtensions)

internal/service/registry_service.go

@@ -10,9 +10,9 @@ import (
 
 	"github.com/google/uuid"
 	"github.com/modelcontextprotocol/registry/internal/database"
+	"github.com/modelcontextprotocol/registry/internal/validators"
 	apiv1 "github.com/modelcontextprotocol/registry/pkg/api/v1"
 	"github.com/modelcontextprotocol/registry/pkg/model"
-	"github.com/modelcontextprotocol/registry/pkg/validation"
 )
 
 const maxServerVersionsPerServer = 10000
@@ -133,12 +133,12 @@ func (s *registryServiceImpl) Publish(req apiv1.PublishRequest) (*apiv1.ServerRe
 	defer cancel()
 
 	// Validate the request
-	if err := validation.ValidatePublisherExtensions(req); err != nil {
+	if err := validators.ValidatePublisherExtensions(req); err != nil {
 		return nil, err
 	}
 
 	// Validate server name exists and format
-	if _, err := validation.ParseServerName(req.Server); err != nil {
+	if _, err := validators.ParseServerName(req.Server); err != nil {
 		return nil, err
 	}
 
@@ -150,7 +150,7 @@ func (s *registryServiceImpl) Publish(req apiv1.PublishRequest) (*apiv1.ServerRe
 	}
 
 	// Validate reverse-DNS namespace matching for remote URLs
-	if err := validation.ValidateRemoteNamespaceMatch(req.Server); err != nil {
+	if err := validators.ValidateRemoteNamespaceMatch(req.Server); err != nil {
 		return nil, err
 	}
 
@@ -201,7 +201,7 @@ func (s *registryServiceImpl) Publish(req apiv1.PublishRequest) (*apiv1.ServerRe
 	}
 
 	// Extract publisher extensions from request
-	publisherExtensions := validation.ExtractPublisherExtensions(req)
+	publisherExtensions := validators.ExtractPublisherExtensions(req)
 
 	// Create registry metadata with service-determined values
 	registryMetadata := apiv1.RegistryExtensions{
@@ -261,12 +261,12 @@ func (s *registryServiceImpl) EditServer(id string, req apiv1.PublishRequest) (*
 	defer cancel()
 
 	// Validate the request
-	if err := validation.ValidatePublisherExtensions(req); err != nil {
+	if err := validators.ValidatePublisherExtensions(req); err != nil {
 		return nil, err
 	}
 
 	// Validate server name exists and format
-	if _, err := validation.ParseServerName(req.Server); err != nil {
+	if _, err := validators.ParseServerName(req.Server); err != nil {
 		return nil, err
 	}
 
@@ -278,7 +278,7 @@ func (s *registryServiceImpl) EditServer(id string, req apiv1.PublishRequest) (*
 	}
 
 	// Validate reverse-DNS namespace matching for remote URLs
-	if err := validation.ValidateRemoteNamespaceMatch(req.Server); err != nil {
+	if err := validators.ValidateRemoteNamespaceMatch(req.Server); err != nil {
 		return nil, err
 	}
 
@@ -288,7 +288,7 @@ func (s *registryServiceImpl) EditServer(id string, req apiv1.PublishRequest) (*
 	}
 
 	// Extract publisher extensions from request
-	publisherExtensions := validation.ExtractPublisherExtensions(req)
+	publisherExtensions := validators.ExtractPublisherExtensions(req)
 
 	// Update server in database
 	serverRecord, err := s.db.UpdateServer(ctx, id, req.Server, publisherExtensions)

internal/validators/validators.go

@@ -1,8 +1,13 @@
 package validators
 
 import (
+	"encoding/json"
 	"fmt"
+	"net/url"
+	"slices"
+	"strings"
 
+	apiv1 "github.com/modelcontextprotocol/registry/pkg/api/v1"
 	"github.com/modelcontextprotocol/registry/pkg/model"
 )
 
@@ -122,3 +127,163 @@ func (ov *ObjectValidator) Validate(obj *model.ServerJSON) error {
 	}
 	return nil
 }
+
+// ValidatePublisherExtensions validates that publisher extensions are within size limits
+func ValidatePublisherExtensions(req apiv1.PublishRequest) error {
+	const maxExtensionSize = 4 * 1024 // 4KB limit
+
+	// Check size limit for x-publisher extension
+	if req.XPublisher != nil {
+		extensionsJSON, err := json.Marshal(req.XPublisher)
+		if err != nil {
+			return fmt.Errorf("failed to marshal x-publisher extension: %w", err)
+		}
+		if len(extensionsJSON) > maxExtensionSize {
+			return fmt.Errorf("x-publisher extension exceeds 4KB limit (%d bytes)", len(extensionsJSON))
+		}
+	}
+
+	return nil
+}
+
+// ValidatePublishRequestExtensions validates that only allowed extension fields are present
+func ValidatePublishRequestExtensions(requestData []byte) error {
+	// Parse the raw JSON to check for unknown fields
+	var rawRequest map[string]interface{}
+	if err := json.Unmarshal(requestData, &rawRequest); err != nil {
+		return fmt.Errorf("failed to parse request JSON: %w", err)
+	}
+
+	// Define allowed top-level fields
+	allowedFields := map[string]bool{
+		"server":      true,
+		"x-publisher": true,
+	}
+
+	// Check for any disallowed fields
+	var invalidFields []string
+	for field := range rawRequest {
+		if !allowedFields[field] {
+			invalidFields = append(invalidFields, field)
+		}
+	}
+
+	if len(invalidFields) > 0 {
+		return fmt.Errorf("invalid extension fields: %v. Only 'server' and 'x-publisher' fields are allowed", invalidFields)
+	}
+
+	return nil
+}
+
+// ExtractPublisherExtensions extracts publisher extensions from a apiv1.PublishRequest
+func ExtractPublisherExtensions(req apiv1.PublishRequest) map[string]interface{} {
+	publisherExtensions := make(map[string]interface{})
+	if req.XPublisher != nil {
+		// Copy fields directly, avoiding double nesting
+		for k, v := range req.XPublisher {
+			publisherExtensions[k] = v
+		}
+	}
+	return publisherExtensions
+}
+
+// ParseServerName extracts the server name from a model.ServerJSON for validation purposes
+func ParseServerName(serverDetail model.ServerJSON) (string, error) {
+	name := serverDetail.Name
+	if name == "" {
+		return "", fmt.Errorf("server name is required and must be a string")
+	}
+
+	// Validate format: dns-namespace/name
+	if !strings.Contains(name, "/") {
+		return "", fmt.Errorf("server name must be in format 'dns-namespace/name' (e.g., 'com.example.api/server')")
+	}
+
+	parts := strings.SplitN(name, "/", 2)
+	if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
+		return "", fmt.Errorf("server name must be in format 'dns-namespace/name' with non-empty namespace and name parts")
+	}
+
+	return name, nil
+}
+
+// ValidateRemoteNamespaceMatch validates that remote URLs match the reverse-DNS namespace
+func ValidateRemoteNamespaceMatch(serverDetail model.ServerJSON) error {
+	namespace := serverDetail.Name
+
+	for _, remote := range serverDetail.Remotes {
+		if err := validateRemoteURLMatchesNamespace(remote.URL, namespace); err != nil {
+			return fmt.Errorf("remote URL %s does not match namespace %s: %w", remote.URL, namespace, err)
+		}
+	}
+
+	return nil
+}
+
+// validateRemoteURLMatchesNamespace checks if a remote URL's hostname matches the publisher domain from the namespace
+func validateRemoteURLMatchesNamespace(remoteURL, namespace string) error {
+	// Parse the URL to extract the hostname
+	parsedURL, err := url.Parse(remoteURL)
+	if err != nil {
+		return fmt.Errorf("invalid URL format: %w", err)
+	}
+
+	hostname := parsedURL.Hostname()
+	if hostname == "" {
+		return fmt.Errorf("URL must have a valid hostname")
+	}
+
+	// Skip validation for localhost and local development URLs
+	if hostname == "localhost" || strings.HasSuffix(hostname, ".localhost") || hostname == "127.0.0.1" {
+		return nil
+	}
+
+	// Extract publisher domain from reverse-DNS namespace
+	publisherDomain := extractPublisherDomainFromNamespace(namespace)
+	if publisherDomain == "" {
+		return fmt.Errorf("invalid namespace format: cannot extract domain from %s", namespace)
+	}
+
+	// Check if the remote URL hostname matches the publisher domain or is a subdomain
+	if !isValidHostForDomain(hostname, publisherDomain) {
+		return fmt.Errorf("remote URL host %s does not match publisher domain %s", hostname, publisherDomain)
+	}
+
+	return nil
+}
+
+// extractPublisherDomainFromNamespace converts reverse-DNS namespace to normal domain format
+// e.g., "com.example" -> "example.com"
+func extractPublisherDomainFromNamespace(namespace string) string {
+	// Extract the namespace part before the first slash
+	namespacePart := namespace
+	if slashIdx := strings.Index(namespace, "/"); slashIdx != -1 {
+		namespacePart = namespace[:slashIdx]
+	}
+
+	// Split into parts and reverse them to get normal domain format
+	parts := strings.Split(namespacePart, ".")
+	if len(parts) < 2 {
+		return ""
+	}
+
+	// Reverse the parts to convert from reverse-DNS to normal domain
+	slices.Reverse(parts)
+
+	return strings.Join(parts, ".")
+}
+
+// isValidHostForDomain checks if a hostname is the domain or a subdomain of the publisher domain
+func isValidHostForDomain(hostname, publisherDomain string) bool {
+	// Exact match
+	if hostname == publisherDomain {
+		return true
+	}
+
+	// Subdomain match - hostname should end with "." + publisherDomain
+	if strings.HasSuffix(hostname, "."+publisherDomain) {
+		return true
+	}
+
+	return false
+}