feat: add server name format validation at API layer

tadasant · tadasant · commit 419362fa33af · 2025-09-30T09:51:54.000-07:00
- Enforce validation matching database constraint from migration 008
- Namespace must match: [a-zA-Z0-9][a-zA-Z0-9.-]*[a-zA-Z0-9]
- Name must match: [a-zA-Z0-9][a-zA-Z0-9._-]*[a-zA-Z0-9]
- Provide clear error messages indicating which part is invalid
- Use DRY approach with composed regex patterns
diff --git a/internal/database/migrations/008_clean_invalid_data.sql b/internal/database/migrations/008_clean_invalid_data.sql
@@ -55,7 +55,7 @@ BEGIN
     RAISE NOTICE '  Total servers in database: %', total_servers;
 
     IF total_servers > 0 THEN
-        RAISE NOTICE '  Servers to DELETE: % (%.2f%%)', total_to_delete, (total_to_delete::float / total_servers * 100);
+        RAISE NOTICE '  Servers to DELETE: % (% percent of total)', total_to_delete, ROUND((total_to_delete::numeric / total_servers * 100), 2);
     ELSE
         RAISE NOTICE '  Servers to DELETE: %', total_to_delete;
     END IF;
@@ -85,7 +85,7 @@ BEGIN
                OR value->>'version' = ''
             ORDER BY value->>'name'
         LOOP
-            RAISE NOTICE '  - %@% (reason: %)', r.name, r.version, r.reason;
+            RAISE NOTICE '  - % @ % (reason: %)', r.name, COALESCE(r.version, '<NULL>'), r.reason;
         END LOOP;
 
         RAISE EXCEPTION 'Safety check failed: Expected to delete exactly 5 servers but would delete %. Check the log above for details. Aborting to prevent data loss.', total_to_delete;
@@ -102,7 +102,7 @@ BEGIN
               AND value->>'status' NOT IN ('active', 'deprecated', 'deleted')
             ORDER BY value->>'name'
         LOOP
-            RAISE NOTICE '  - %@% (current status: %)', r.name, r.version, r.status;
+            RAISE NOTICE '  - % @ % (current status: %)', r.name, r.version, r.status;
         END LOOP;
 
         RAISE EXCEPTION 'Safety check failed: Expected to update exactly 1 server status but would update %. Check the log above for details. Aborting to prevent data corruption.', invalid_status_count;
diff --git a/internal/validators/constants.go b/internal/validators/constants.go
@@ -28,6 +28,7 @@ var (
 
 	// Server name validation errors
 	ErrMultipleSlashesInServerName = errors.New("server name cannot contain multiple slashes")
+	ErrInvalidServerNameFormat     = errors.New("server name format is invalid")
 )
 
 // RepositorySource represents valid repository sources
diff --git a/internal/validators/validators.go b/internal/validators/validators.go
@@ -14,6 +14,18 @@ import (
 	"github.com/modelcontextprotocol/registry/pkg/model"
 )
 
+// Server name validation patterns
+var (
+	// Component patterns for namespace and name parts
+	namespacePattern = `[a-zA-Z0-9][a-zA-Z0-9.-]*[a-zA-Z0-9]`
+	namePartPattern  = `[a-zA-Z0-9][a-zA-Z0-9._-]*[a-zA-Z0-9]`
+
+	// Compiled regexes
+	namespaceRegex  = regexp.MustCompile(`^` + namespacePattern + `$`)
+	namePartRegex   = regexp.MustCompile(`^` + namePartPattern + `$`)
+	serverNameRegex = regexp.MustCompile(`^` + namespacePattern + `/` + namePartPattern + `$`)
+)
+
 // Regexes to detect semver range syntaxes
 var (
 	// Case 1: comparator ranges
@@ -403,11 +415,28 @@ func parseServerName(serverJSON apiv0.ServerJSON) (string, error) {
 		return "", ErrMultipleSlashesInServerName
 	}
 
+	// Split and check for empty parts
 	parts := strings.SplitN(name, "/", 2)
 	if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
 		return "", fmt.Errorf("server name must be in format 'dns-namespace/name' with non-empty namespace and name parts")
 	}
 
+	// Validate name format using regex
+	if !serverNameRegex.MatchString(name) {
+		namespace := parts[0]
+		serverName := parts[1]
+
+		// Check which part is invalid for a better error message
+		if !namespaceRegex.MatchString(namespace) {
+			return "", fmt.Errorf("%w: namespace '%s' is invalid. Namespace must start and end with alphanumeric characters, and may contain dots and hyphens in the middle", ErrInvalidServerNameFormat, namespace)
+		}
+		if !namePartRegex.MatchString(serverName) {
+			return "", fmt.Errorf("%w: name '%s' is invalid. Name must start and end with alphanumeric characters, and may contain dots, underscores, and hyphens in the middle", ErrInvalidServerNameFormat, serverName)
+		}
+		// Fallback in case both somehow pass individually but not together
+		return "", fmt.Errorf("%w: invalid format for '%s'", ErrInvalidServerNameFormat, name)
+	}
+
 	return name, nil
 }
 

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,7 @@ var (`
`28`	`28`
`29`	`29`	`// Server name validation errors`
`30`	`30`	`ErrMultipleSlashesInServerName = errors.New("server name cannot contain multiple slashes")`
	`31`	`+ ErrInvalidServerNameFormat = errors.New("server name format is invalid")`
`31`	`32`	`)`
`32`	`33`
`33`	`34`	`// RepositorySource represents valid repository sources`