improvement(code-quality): centralize regex checks, normalization (#2554)

* improvement(code-quality): centralize regex checks, normalization

* simplify resolution

* fix(copilot): don't allow duplicate name blocks

* centralize uuid check

Author: icecrasher321

apps/sim/app/api/copilot/checkpoints/revert/route.ts

@@ -10,9 +10,9 @@ import {
   createRequestTracker,
   createUnauthorizedResponse,
 } from '@/lib/copilot/request-helpers'
-import { validateUUID } from '@/lib/core/security/input-validation'
 import { getBaseUrl } from '@/lib/core/utils/urls'
 import { createLogger } from '@/lib/logs/console/logger'
+import { isUuidV4 } from '@/executor/constants'
 
 const logger = createLogger('CheckpointRevertAPI')
 
@@ -87,9 +87,8 @@ export async function POST(request: NextRequest) {
       isDeployed: cleanedState.isDeployed,
     })
 
-    const workflowIdValidation = validateUUID(checkpoint.workflowId, 'workflowId')
-    if (!workflowIdValidation.isValid) {
-      logger.error(`[${tracker.requestId}] Invalid workflow ID: ${workflowIdValidation.error}`)
+    if (!isUuidV4(checkpoint.workflowId)) {
+      logger.error(`[${tracker.requestId}] Invalid workflow ID format`)
       return NextResponse.json({ error: 'Invalid workflow ID format' }, { status: 400 })
     }
 

apps/sim/app/api/copilot/execute-tool/route.ts

@@ -14,6 +14,8 @@ import { generateRequestId } from '@/lib/core/utils/request'
 import { getEffectiveDecryptedEnv } from '@/lib/environment/utils'
 import { createLogger } from '@/lib/logs/console/logger'
 import { refreshTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+import { REFERENCE } from '@/executor/constants'
+import { createEnvVarPattern } from '@/executor/utils/reference-validation'
 import { executeTool } from '@/tools'
 import { getTool } from '@/tools/utils'
 
@@ -33,14 +35,18 @@ const ExecuteToolSchema = z.object({
 function resolveEnvVarReferences(value: any, envVars: Record<string, string>): any {
   if (typeof value === 'string') {
     // Check for exact match: entire string is "{{VAR_NAME}}"
-    const exactMatch = /^\{\{([^}]+)\}\}$/.exec(value)
+    const exactMatchPattern = new RegExp(
+      `^\\${REFERENCE.ENV_VAR_START}([^}]+)\\${REFERENCE.ENV_VAR_END}$`
+    )
+    const exactMatch = exactMatchPattern.exec(value)
     if (exactMatch) {
       const envVarName = exactMatch[1].trim()
       return envVars[envVarName] ?? value
     }
 
     // Check for embedded references: "prefix {{VAR}} suffix"
-    return value.replace(/\{\{([^}]+)\}\}/g, (match, varName) => {
+    const envVarPattern = createEnvVarPattern()
+    return value.replace(envVarPattern, (match, varName) => {
       const trimmedName = varName.trim()
       return envVars[trimmedName] ?? match
     })

apps/sim/app/api/files/authorization.ts

@@ -14,6 +14,7 @@ import type { StorageConfig } from '@/lib/uploads/core/storage-client'
 import { getFileMetadataByKey } from '@/lib/uploads/server/metadata'
 import { inferContextFromKey } from '@/lib/uploads/utils/file-utils'
 import { getUserEntityPermissions } from '@/lib/workspaces/permissions/utils'
+import { isUuid } from '@/executor/constants'
 
 const logger = createLogger('FileAuthorization')
 
@@ -85,9 +86,7 @@ function extractWorkspaceIdFromKey(key: string): string | null {
   const parts = key.split('/')
   const workspaceId = parts[0]
 
-  // Validate UUID format
-  const UUID_PATTERN = /^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/i
-  if (workspaceId && UUID_PATTERN.test(workspaceId)) {
+  if (workspaceId && isUuid(workspaceId)) {
     return workspaceId
   }
 

apps/sim/app/api/files/upload/route.ts

@@ -1,5 +1,6 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { createLogger } from '@/lib/logs/console/logger'
+import { sanitizeFileName } from '@/executor/constants'
 import '@/lib/uploads/core/setup.server'
 import { getSession } from '@/lib/auth'
 import type { StorageContext } from '@/lib/uploads/config'
@@ -154,7 +155,7 @@ export async function POST(request: NextRequest) {
         logger.info(`Uploading knowledge-base file: ${originalName}`)
 
         const timestamp = Date.now()
-        const safeFileName = originalName.replace(/\s+/g, '-')
+        const safeFileName = sanitizeFileName(originalName)
         const storageKey = `kb/${timestamp}-${safeFileName}`
 
         const metadata: Record<string, string> = {
@@ -267,9 +268,8 @@ export async function POST(request: NextRequest) {
 
         logger.info(`Uploading ${context} file: ${originalName}`)
 
-        // Generate storage key with context prefix and timestamp to ensure uniqueness
         const timestamp = Date.now()
-        const safeFileName = originalName.replace(/\s+/g, '-')
+        const safeFileName = sanitizeFileName(originalName)
         const storageKey = `${context}/${timestamp}-${safeFileName}`
 
         const metadata: Record<string, string> = {

apps/sim/app/api/function/execute/route.ts

@@ -5,6 +5,7 @@ import { executeInE2B } from '@/lib/execution/e2b'
 import { executeInIsolatedVM } from '@/lib/execution/isolated-vm'
 import { CodeLanguage, DEFAULT_CODE_LANGUAGE, isValidCodeLanguage } from '@/lib/execution/languages'
 import { createLogger } from '@/lib/logs/console/logger'
+import { escapeRegExp, normalizeName, REFERENCE } from '@/executor/constants'
 import {
   createEnvVarPattern,
   createWorkflowVariablePattern,
@@ -405,7 +406,7 @@ function resolveWorkflowVariables(
 
     // Find the variable by name (workflowVariables is indexed by ID, values are variable objects)
     const foundVariable = Object.entries(workflowVariables).find(
-      ([_, variable]) => (variable.name || '').replace(/\s+/g, '') === variableName
+      ([_, variable]) => normalizeName(variable.name || '') === variableName
     )
 
     let variableValue: unknown = ''
@@ -513,31 +514,26 @@ function resolveTagVariables(
 ): string {
   let resolvedCode = code
 
-  const tagMatches = resolvedCode.match(/<([a-zA-Z_][a-zA-Z0-9_.]*[a-zA-Z0-9_])>/g) || []
+  const tagPattern = new RegExp(
+    `${REFERENCE.START}([a-zA-Z_][a-zA-Z0-9_${REFERENCE.PATH_DELIMITER}]*[a-zA-Z0-9_])${REFERENCE.END}`,
+    'g'
+  )
+  const tagMatches = resolvedCode.match(tagPattern) || []
 
   for (const match of tagMatches) {
-    const tagName = match.slice(1, -1).trim()
+    const tagName = match.slice(REFERENCE.START.length, -REFERENCE.END.length).trim()
 
     // Handle nested paths like "getrecord.response.data" or "function1.response.result"
     // First try params, then blockData directly, then try with block name mapping
     let tagValue = getNestedValue(params, tagName) || getNestedValue(blockData, tagName) || ''
 
     // If not found and the path starts with a block name, try mapping the block name to ID
-    if (!tagValue && tagName.includes('.')) {
-      const pathParts = tagName.split('.')
+    if (!tagValue && tagName.includes(REFERENCE.PATH_DELIMITER)) {
+      const pathParts = tagName.split(REFERENCE.PATH_DELIMITER)
       const normalizedBlockName = pathParts[0] // This should already be normalized like "function1"
 
-      // Find the block ID by looking for a block name that normalizes to this value
-      let blockId = null
-
-      for (const [blockName, id] of Object.entries(blockNameMapping)) {
-        // Apply the same normalization logic as the UI: remove spaces and lowercase
-        const normalizedName = blockName.replace(/\s+/g, '').toLowerCase()
-        if (normalizedName === normalizedBlockName) {
-          blockId = id
-          break
-        }
-      }
+      // Direct lookup using normalized block name
+      const blockId = blockNameMapping[normalizedBlockName] ?? null
 
       if (blockId) {
         const remainingPath = pathParts.slice(1).join('.')
@@ -617,13 +613,6 @@ function getNestedValue(obj: any, path: string): any {
   }, obj)
 }
 
-/**
- * Escape special regex characters in a string
- */
-function escapeRegExp(string: string): string {
-  return string.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
-}
-
 /**
  * Remove one trailing newline from stdout
  * This handles the common case where print() or console.log() adds a trailing \n

apps/sim/app/api/mcp/servers/test-connection/route.ts

@@ -6,6 +6,8 @@ import { getParsedBody, withMcpAuth } from '@/lib/mcp/middleware'
 import type { McpServerConfig, McpTransport } from '@/lib/mcp/types'
 import { validateMcpServerUrl } from '@/lib/mcp/url-validator'
 import { createMcpErrorResponse, createMcpSuccessResponse } from '@/lib/mcp/utils'
+import { REFERENCE } from '@/executor/constants'
+import { createEnvVarPattern } from '@/executor/utils/reference-validation'
 
 const logger = createLogger('McpServerTestAPI')
 
@@ -23,12 +25,13 @@ function isUrlBasedTransport(transport: McpTransport): boolean {
  * Resolve environment variables in strings
  */
 function resolveEnvVars(value: string, envVars: Record<string, string>): string {
-  const envMatches = value.match(/\{\{([^}]+)\}\}/g)
+  const envVarPattern = createEnvVarPattern()
+  const envMatches = value.match(envVarPattern)
   if (!envMatches) return value
 
   let resolvedValue = value
   for (const match of envMatches) {
-    const envKey = match.slice(2, -2).trim()
+    const envKey = match.slice(REFERENCE.ENV_VAR_START.length, -REFERENCE.ENV_VAR_END.length).trim()
     const envValue = envVars[envKey]
 
     if (envValue === undefined) {

apps/sim/app/api/tools/google_calendar/calendars/route.ts

@@ -1,9 +1,9 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { authorizeCredentialUse } from '@/lib/auth/credential-access'
-import { validateUUID } from '@/lib/core/security/input-validation'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { createLogger } from '@/lib/logs/console/logger'
 import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+import { isUuidV4 } from '@/executor/constants'
 export const dynamic = 'force-dynamic'
 
 const logger = createLogger('GoogleCalendarAPI')
@@ -35,18 +35,14 @@ export async function GET(request: NextRequest) {
       return NextResponse.json({ error: 'Credential ID is required' }, { status: 400 })
     }
 
-    const credentialValidation = validateUUID(credentialId, 'credentialId')
-    if (!credentialValidation.isValid) {
+    if (!isUuidV4(credentialId)) {
       logger.warn(`[${requestId}] Invalid credentialId format`, { credentialId })
-      return NextResponse.json({ error: credentialValidation.error }, { status: 400 })
+      return NextResponse.json({ error: 'Invalid credential ID format' }, { status: 400 })
     }
 
-    if (workflowId) {
-      const workflowValidation = validateUUID(workflowId, 'workflowId')
-      if (!workflowValidation.isValid) {
-        logger.warn(`[${requestId}] Invalid workflowId format`, { workflowId })
-        return NextResponse.json({ error: workflowValidation.error }, { status: 400 })
-      }
+    if (workflowId && !isUuidV4(workflowId)) {
+      logger.warn(`[${requestId}] Invalid workflowId format`, { workflowId })
+      return NextResponse.json({ error: 'Invalid workflow ID format' }, { status: 400 })
     }
     const authz = await authorizeCredentialUse(request, { credentialId, workflowId })
     if (!authz.ok || !authz.credentialOwnerUserId) {

apps/sim/app/api/workflows/[id]/execute/route.ts

@@ -22,6 +22,7 @@ import {
 import { createStreamingResponse } from '@/lib/workflows/streaming/streaming'
 import { createHttpResponseFromBlock, workflowHasResponseBlock } from '@/lib/workflows/utils'
 import type { WorkflowExecutionPayload } from '@/background/workflow-execution'
+import { normalizeName } from '@/executor/constants'
 import { type ExecutionMetadata, ExecutionSnapshot } from '@/executor/execution/snapshot'
 import type { StreamingExecution } from '@/executor/types'
 import { Serializer } from '@/serializer'
@@ -86,10 +87,9 @@ function resolveOutputIds(
     const blockName = outputId.substring(0, dotIndex)
     const path = outputId.substring(dotIndex + 1)
 
-    const normalizedBlockName = blockName.toLowerCase().replace(/\s+/g, '')
+    const normalizedBlockName = normalizeName(blockName)
     const block = Object.values(blocks).find((b: any) => {
-      const normalized = (b.name || '').toLowerCase().replace(/\s+/g, '')
-      return normalized === normalizedBlockName
+      return normalizeName(b.name || '') === normalizedBlockName
     })
 
     if (!block) {

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/deploy/components/deploy-modal/deploy-modal.tsx

@@ -18,6 +18,7 @@ import { getEnv } from '@/lib/core/config/env'
 import { createLogger } from '@/lib/logs/console/logger'
 import { getInputFormatExample as getInputFormatExampleUtil } from '@/lib/workflows/operations/deployment-utils'
 import type { WorkflowDeploymentVersionResponse } from '@/lib/workflows/persistence/utils'
+import { startsWithUuid } from '@/executor/constants'
 import { useWorkflowRegistry } from '@/stores/workflows/registry/store'
 import { useWorkflowStore } from '@/stores/workflows/workflow/store'
 import type { WorkflowState } from '@/stores/workflows/workflow/types'
@@ -289,10 +290,9 @@ export function DeployModal({
     if (!open || selectedStreamingOutputs.length === 0) return
 
     const blocks = Object.values(useWorkflowStore.getState().blocks)
-    const UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i
 
     const validOutputs = selectedStreamingOutputs.filter((outputId) => {
-      if (UUID_REGEX.test(outputId)) {
+      if (startsWithUuid(outputId)) {
         const underscoreIndex = outputId.indexOf('_')
         if (underscoreIndex === -1) return false
 

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/hooks/use-subflow-editor.ts

@@ -7,9 +7,9 @@ import {
 } from '@/lib/workflows/sanitization/references'
 import { checkTagTrigger } from '@/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/tag-dropdown/tag-dropdown'
 import { useAccessibleReferencePrefixes } from '@/app/workspace/[workspaceId]/w/[workflowId]/hooks/use-accessible-reference-prefixes'
+import { normalizeName, REFERENCE } from '@/executor/constants'
 import { createEnvVarPattern, createReferencePattern } from '@/executor/utils/reference-validation'
 import { useCollaborativeWorkflow } from '@/hooks/use-collaborative-workflow'
-import { normalizeName } from '@/stores/workflows/utils'
 import { useWorkflowStore } from '@/stores/workflows/workflow/store'
 import type { BlockState } from '@/stores/workflows/workflow/types'
 
@@ -89,7 +89,7 @@ export function useSubflowEditor(currentBlock: BlockState | null, currentBlockId
    */
   const shouldHighlightReference = useCallback(
     (part: string): boolean => {
-      if (!part.startsWith('<') || !part.endsWith('>')) {
+      if (!part.startsWith(REFERENCE.START) || !part.endsWith(REFERENCE.END)) {
         return false
       }
 
@@ -108,8 +108,8 @@ export function useSubflowEditor(currentBlock: BlockState | null, currentBlockId
         return true
       }
 
-      const inner = reference.slice(1, -1)
-      const [prefix] = inner.split('.')
+      const inner = reference.slice(REFERENCE.START.length, -REFERENCE.END.length)
+      const [prefix] = inner.split(REFERENCE.PATH_DELIMITER)
       const normalizedPrefix = normalizeName(prefix)
 
       if (SYSTEM_REFERENCE_PREFIXES.has(normalizedPrefix)) {