fixes

2026-04-15 13:03:38 +02:00
parent 9ddb203ec0
commit 05fc5bd6ff
11 changed files with 122 additions and 11 deletions
--- a/backend/app/schemas/router.py
+++ b/backend/app/schemas/router.py
@@ -21,6 +21,11 @@ class RouterBase(BaseModel):
    disable_binary_backups: bool = False
    disable_ping: bool = False

+    @field_validator("name", mode="before")
+    @classmethod
+    def normalize_name(cls, value: str | None) -> str:
+        return (value or "").strip()
+
    @field_validator("name")
    @classmethod
    def validate_name(cls, value: str) -> str:
@@ -63,7 +68,22 @@ class RouterUpdate(BaseModel):
    disable_binary_backups: bool | None = None
    disable_ping: bool | None = None

-    @field_validator("name", "host", "ssh_user", "ssh_key", "ssh_password", mode="before")
+    @field_validator("name", mode="before")
+    @classmethod
+    def normalize_name(cls, value: str | None) -> str | None:
+        normalized = (value or "").strip()
+        return normalized or None
+
+    @field_validator("name")
+    @classmethod
+    def validate_name(cls, value: str | None) -> str | None:
+        if value is None:
+            return value
+        if not ALLOWED_NAME_REGEX.match(value):
+            raise ValueError("Only letters, digits, dashes and underscores are allowed")
+        return value
+
+    @field_validator("host", "ssh_user", "ssh_key", "ssh_password", mode="before")
    @classmethod
    def normalize_text(cls, value: str | None) -> str | None:
        normalized = (value or "").strip()
--- a/backend/tests/test_routers.py
+++ b/backend/tests/test_routers.py
@@ -60,3 +60,54 @@ def test_router_list_marks_global_ssh_key_usage(monkeypatch, tmp_path):
        payload = list_response.json()
        assert payload[0]["uses_global_ssh_key"] is True
        assert payload[0]["has_effective_ssh_key"] is True
+
+
+
+def test_create_router_rejects_name_with_spaces(monkeypatch, tmp_path):
+    monkeypatch.setenv("DATABASE_URL", f"sqlite:///{tmp_path / 'routers-invalid-create.db'}")
+    monkeypatch.setenv("DATA_DIR", str(tmp_path / 'data-create'))
+    monkeypatch.setenv("SECRET_KEY", "test-secret")
+    monkeypatch.setenv("DEFAULT_ADMIN_USERNAME", "admin")
+    monkeypatch.setenv("DEFAULT_ADMIN_PASSWORD", "admin")
+
+    with TestClient(app) as client:
+        login_response = client.post("/api/auth/login", data={"username": "admin", "password": "admin"})
+        token = login_response.json()["access_token"]
+        headers = {"Authorization": f"Bearer {token}"}
+
+        response = client.post(
+            "/api/routers",
+            headers=headers,
+            json={"name": "core router", "host": "10.0.0.1", "port": 22, "ssh_user": "admin", "ssh_key": "KEY"},
+        )
+
+        assert response.status_code == 422
+
+
+def test_update_router_rejects_name_with_spaces(monkeypatch, tmp_path):
+    monkeypatch.setenv("DATABASE_URL", f"sqlite:///{tmp_path / 'routers-invalid-update.db'}")
+    monkeypatch.setenv("DATA_DIR", str(tmp_path / 'data-update'))
+    monkeypatch.setenv("SECRET_KEY", "test-secret")
+    monkeypatch.setenv("DEFAULT_ADMIN_USERNAME", "admin")
+    monkeypatch.setenv("DEFAULT_ADMIN_PASSWORD", "admin")
+
+    with TestClient(app) as client:
+        login_response = client.post("/api/auth/login", data={"username": "admin", "password": "admin"})
+        token = login_response.json()["access_token"]
+        headers = {"Authorization": f"Bearer {token}"}
+
+        create = client.post(
+            "/api/routers",
+            headers=headers,
+            json={"name": "core-router", "host": "10.0.0.1", "port": 22, "ssh_user": "admin", "ssh_key": "KEY"},
+        )
+        assert create.status_code == 200
+        router_id = create.json()["id"]
+
+        response = client.put(
+            f"/api/routers/{router_id}",
+            headers=headers,
+            json={"name": "branch router"},
+        )
+
+        assert response.status_code == 422